Mobile VPN access to device on routed subnet
Hi,
I'm not too network savvy, but will try to explain the situation as best possible.
Watchguard box has LAN IP 192.168.1.1/24
I have a mobile SSL VPN, routed, all resources allowed - net 192.168.251.0/24
I also have several different networks connected with some sort of MPLS. These networks are reachable from within the Watchguard box's LAN.
All the "MPLS" networks have a route defined as:
Destination: 192.168.89.0/24
Gateway: 192.168.1.2
Metric: 1
Routes are defined for every single network connected as "MPLS".
In other words from say 192.168.1.31 I can reach say 192.168.89.6 via the route above through gateway 192.168.1.2.
But if I try to do that from a mobile SSL VPN I can't reach 192.168.89.6, no ping, no traceroute, no sign of traffic in the log.
What am I doing wrong or missing here?
Comments
How is your sslvpn route configured?
Try with the “Force all client traffic through tunnel” config
or “Specify allowed resources” config and add all the necessary networks…
Does 192.168.1.2 know how to route traffic to 192.168.251.0/24?
Force all traffic through tunnel is enabled
Hmmm, good point, so a route defined as
destination: 192.168.251.0/24
Gateway: 192.168.251.1?
Metric: 1
Would that be the way?
Or would that have to be done at the box having 192.168.1.2 IP?
Then the problem can be that the mpls networks don’t have route back to your firebox...
192.168.1.2 has to know where to route 192.168.251.0/24 to. That's via 192.168.1.1 (firebox).
192.168.1.2 is an ISP box that connects to all the other networks. Firebox is at 192.168.1.1.
So, and I'm sorry if I'm a bit of a noob here, where would I define the route? Firebox or ISP box?
And how would the route be defined?
Both ends. Your firebox needs to know the routes (which it does, or you would not be able to route to the MPLS networks from inside your 192.168.1.0 subnet).
My guess is 192.168.1.2 needs to know where to route 192.168.251.0/24. I also guess this is a managed service by your ISP, so most likely you need to contact your ISP.
Do your MPLS networks browse out to the internet through your Firebox?
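To show why the forward path works but the replies die on the ISP box, here is an added Python model (not from this thread and not WatchGuard or ISP software) of the routing tables described above. The device names, the 192.168.251.10 client address and the 192.168.89.6 target are assumptions for the model.

```python
import copy
import ipaddress

# Constructed model of the thread's topology: each device has a list of
# (prefix, next hop). Next hop "deliver" means the destination is on-link.
TABLES_BROKEN = {
    # VPN client with "Force all client traffic through tunnel"
    "client":    [("0.0.0.0/0", "firebox")],
    # Firebox at 192.168.1.1: LAN, VPN pool, and the MPLS route via 192.168.1.2
    "firebox":   [("192.168.1.0/24", "deliver"),
                  ("192.168.251.0/24", "deliver"),
                  ("192.168.89.0/24", "isp_box")],
    # ISP box at 192.168.1.2: knows LAN and MPLS, but NOT the VPN pool
    "isp_box":   [("192.168.1.0/24", "deliver"),
                  ("192.168.89.0/24", "mpls_host")],
    # Host on the MPLS side; default route points back to the ISP box
    "mpls_host": [("192.168.89.0/24", "deliver"),
                  ("0.0.0.0/0", "isp_box")],
}

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None if no route exists."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops device by device. Returns (delivered, hops); the last
    hop in a failed trace is the device that dropped the packet."""
    hops, dev = [start], start
    for _ in range(max_hops):
        nexthop = lookup(tables[dev], dst)
        if nexthop is None:
            return (False, hops)          # no route: silently dropped here
        if nexthop == "deliver":
            return (True, hops)
        dev = nexthop
        hops.append(dev)
    return (False, hops)                  # routing loop guard

def with_return_route(tables):
    """The fix suggested in the thread: teach 192.168.1.2 that the VPN pool
    lives behind the firebox (192.168.1.1)."""
    fixed = copy.deepcopy(tables)
    fixed["isp_box"].append(("192.168.251.0/24", "firebox"))
    return fixed
```

Running trace() for the reply direction (192.168.89.6 back to a client at 192.168.251.10) against TABLES_BROKEN ends at isp_box with no route, which matches the "no ping, no sign of traffic" symptom; against with_return_route(TABLES_BROKEN) it is delivered via the firebox.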
I think you are right.... Thanks for the help, it got me back on the road again :-)
I'm actually not sure.... but anyway I think I have the solution now.... Thanks for your time and effort :-)