Why is SSL-VPN answering on different secondary IP Addresses?
I have the following IPs assigned by my ISP:
24.173.163.1: Internet Gateway
24.173.163.2: Internet access
24.173.163.3: Secondary network IP, not in use
24.173.163.4: Configured as the external IP for inbound SSL-VPN access
24.173.163.5: Secondary network IP, not in use
24.173.163.6: not in use
My users can connect with SSL-VPN to IP 24.173.163.4, but I'm also able to connect with the .3 and .5 addresses. The 24.173.163.4 address is the only one specified in my SSL-VPN configuration; there is no backup address specified. Is this expected behavior or am I doing something wrong?
Best Answer
Oops - my error.
From: Any-external is correct.
Change the To: field from Firebox to 24.173.163.45
Answers
The default setting for the auto-created WatchGuard SSLVPN policy From: field is Any-external, not a specific external IP addr.
If you want to limit the SSLVPN clients to only access desired IP addrs, then you need to modify the WatchGuard SSLVPN policy From: field as desired.
Bruce, I tried that. I set the From: field to be IP address 24.173.163.4. After that I could not connect at all.
What do you see in Traffic Monitor when you try the connection now?
That fixed it. Thanks Bruce.
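The From:/To: behaviour discussed in this thread, as an added example that is not part of the original posts and is not WatchGuard code: a simplified model of policy matching in which From: is compared with the client's source address and To: with the destination address. Assumptions: the Firebox owns .2 through .5 on its external interface, the SSL-VPN port is TCP 443, the client address 203.0.113.50 is constructed, and the pinned address is the .4 address from the question.

```python
from ipaddress import ip_address, ip_network

# Assumption: addresses held by the Firebox's external interface (primary + secondaries).
FIREBOX_IPS = {ip_address(f"24.173.163.{n}") for n in (2, 3, 4, 5)}
SSLVPN_PORT = 443  # assumption: SSL-VPN listening on TCP 443


def matches(spec, addr, arrived_external):
    """Return True if addr satisfies one From:/To: entry in this simplified model."""
    addr = ip_address(addr)
    if spec == "Any-External":
        # Any host whose traffic arrives on an external interface.
        return arrived_external and addr not in FIREBOX_IPS
    if spec == "Firebox":
        # Every address the firewall itself owns, secondaries included.
        return addr in FIREBOX_IPS
    return addr in ip_network(spec, strict=False)  # literal host or subnet


def allowed(policy, src, dst, dport, arrived_external=True):
    """From: is checked against the packet source, To: against its destination."""
    return (dport == SSLVPN_PORT
            and matches(policy["from"], src, arrived_external)
            and matches(policy["to"], dst, arrived_external))


def answering_ips(policy, client="203.0.113.50"):
    """List the Firebox addresses on which a remote client would be accepted."""
    return sorted(str(ip) for ip in FIREBOX_IPS
                  if allowed(policy, client, str(ip), SSLVPN_PORT))


# Auto-created policy: every Firebox address answers.
DEFAULT = {"from": "Any-External", "to": "Firebox"}
# Pinning From: to the VPN address means no real client source ever matches.
FROM_PINNED = {"from": "24.173.163.4", "to": "Firebox"}
# Pinning To: restricts the listener to the one intended address.
TO_PINNED = {"from": "Any-External", "to": "24.173.163.4"}

if __name__ == "__main__":
    for name, pol in (("default", DEFAULT), ("From pinned", FROM_PINNED), ("To pinned", TO_PINNED)):
        print(f"{name:12} -> {answering_ips(pol)}")
```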