Ping from trusted Network Server to Mobile VPN SSL Client not possible

I am using Mobile VPN with SSL, and everything is working fine so far.
However, I have been trying for a long time to work out how I can ping my connected VPN client PCs from our AD server on the trusted LAN.
On the server, the IPs resolve properly in DNS Manager. But if I trace a route to a client's IP, for example, the trace first goes correctly to the firewall, then after the firewall to the external network (www), and then goes nowhere.

What I have already tried:
Pinging directly from the WG firewall to the client's IP is successful
Pinging IPsec clients (ShrewSoft) from the server is possible
Nothing to see in Traffic Manager

Firewall M270, 12.7.2 (Build 647073)

Does anyone have a suggestion on how I can successfully ping our Mobile VPN with SSL clients?


  • Is the virtual IP addr of the VPN client?
    I would not expect so, since it is a public IP addr.

  • james.carson (Moderator, WatchGuard Representative)

    For the SSLVPN, there's no rule by default that allows traffic to go from the internal network to VPN clients -- you need to make one.
    Generally, making a rule that allows traffic from your trusted subnet to the SSLVPN subnet should allow that traffic, provided nothing else is blocking it.

    -James Carson
    WatchGuard Customer Support

  • edited December 2021

    Small mistake, I meant ;-)

    No improvement after I created the appropriate policy (see attached photo1).
    I find it strange that the traceroute after the firewall goes to the Internet via the external interface (see attached photo2).
    How can I route this VPN traffic through the tunnel?
    I currently have no network routes set up on the Firebox.


  • Look at Web UI -> System Status -> Routes
    I have an entry near the bottom for my SSLVPN subnet tun0 U 0

    Do you have something similar?

    When I tracert to - a not connected SSLVPN IP addr, my tracert does not go out to the Internet.

    I'm running V12.8 beta, but I would not expect the version to be an issue.

  • I see the same route on my Firebox tun0 U 0

    I don't think it's the version either.

    Something is routing the traffic back to the SSLVPN clients wrong.

  • Consider opening a support incident
