Client/Server SSL VPN - Access from Company LAN to Client machine possible?

2»

All Replies

  • itxnc
    itxnc Posts: 98  Ally Member
    First Comment Friend Collector Sixth Anniversary
    Correct - the extension LAN is sort of a 'shim' network but you'll have direct access to the LAN as long as the SSLVPN to any (or LAN1) default firewall rule is still there. LAN1 will route to 192.168.200.x automagically. No routes needed. And if your tunnel is a split tunnel, you create a LAN1 -> SSLVPN firewall rule (which isn't there by default), otherwise it's not needed for a Full Tunnel
  • Felipe
    Felipe Posts: 1
    First Comment
    USG_User, I don't know if you still have this question. Our firewall in the headquarters is of a different brand, but I had the same problem: The remote client could connect to the VPN and reach the computers in headquarters, but computers in the headquarters could not reach the remote computer.

    I also didin't want to use the tunnel to route all the traffic from the remote computer to the headquarters. After tested lots of things, I solve my problem this way:

    1 - From the remote computer, establish the VPN connection (uncheck the option to use the tunnel to route all the traffic)

    2 - On the remote computer, create a static route to the Public IP address of the VPN (configured in the firewall of the headquarters), using as gateway the own IP address of the VPN connection assigned to the remote computer

    3 - On the remote computer, create static routes to all the networks in the headquarters you want the remote computer to reach, using as gateway the own IP address of the VPN connection assigned to the remote computer

    4 - Create a firewall rule in the remote computer to allow traffic from the public IP addresses of the VPN

    5 - Anything need to be configured in the computers in the headquarters.


    After this, the connection worked in both directions: the remote pc and the computers in headquarters could see each other.

    In my case, I was not able to assign a fixed IP address to VPN connection to the remote computer, so I don't know exactly what will happen if the client disconnect the VPN, but for now it's working.





  • jasailafan
    jasailafan Posts: 193  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    Maybe you need to add extra routing rule on the firewall to make computers in the headquarters reach the remote computer. If your firewall is not zyxel's usg series, you can consult the technical support of the firewall vendor about the configuration.  

Security Highlight