Mobile VPN access to device on routed subnet

Hi,

I'm not too network savvy, but will try to explain the situation as best as possible.

Watchguard box has LAN IP 192.168.1.1/24
I have a mobile SSL VPN, routed, all resources allowed - net 192.168.251.0/24
I also have several different networks connected with some sort of MPLS. These networks are reachable from within the Watchguard box's LAN.
All the "MPLS" networks have a route defined as:
Destination: 192.168.89.0/24
Gateway: 192.168.1.2
Metric: 1

Routes are defined for every single network connected as "MPLS".

In other words from say 192.168.1.31 I can reach say 192.168.89.6 via the route above through gateway 192.168.1.2.

But if I try to do that from a mobile SSL VPN I can't reach 192.168.89.6, no ping, no traceroute, no sign of traffic in the log.

What am I doing wrong or missing here?

Comments

  • How is your sslvpn route configured?
    Try with the “Force all client traffic through tunnel” config
    or “Specify allowed resources” config and add all the necessary networks…

  • Does 192.168.1.2 know how to route traffic to 192.168.251.0/24?

  • @kimmo.pohjoisaho said:
    How is your sslvpn route configured?
    Try with the “Force all client traffic through tunnel” config
    or “Specify allowed resources” config and add all the necessary networks…

    Force all traffic through tunnel is enabled

  • @rv@kaufmann.dk said:
    Does 192.168.1.2 know how to route traffic to 192.168.251.0/24?

    Hmmm good point so a route defined as
    destination: 192.168.251.0/24
    Gateway: 192.168.251.1?
    Metric: 1

    Would that be the way?

  • @rv@kaufmann.dk said:
    Does 192.168.1.2 know how to route traffic to 192.168.251.0/24?

    Or would that have to be done at the box having 192.168.1.2 IP?

  • Then the problem can be that the MPLS networks don't have a route back to your Firebox...

  • @ithex said:

    @rv@kaufmann.dk said:
    Does 192.168.1.2 know how to route traffic to 192.168.251.0/24?

    Or would that have to be done at the box having 192.168.1.2 IP?

    192.168.1.2 has to know where to route 192.168.251.0/24 to. That's via 192.168.1.1 (Firebox).

  • @rv@kaufmann.dk said:

    @ithex said:

    @rv@kaufmann.dk said:
    Does 192.168.1.2 know how to route traffic to 192.168.251.0/24?

    Or would that have to be done at the box having 192.168.1.2 IP?

    192.168.1.2 has to know where to route 192.168.251.0/24 to. That's via 192.168.1.1 (Firebox).

    192.168.1.2 is an ISP box that connects to all the other networks. Firebox is at 192.168.1.1.

    So, and I'm sorry if I'm a bit of a noob here, where would I define the route? Firebox or ISP box?
    And how would the route be defined?

  • @ithex said:

    @rv@kaufmann.dk said:

    @ithex said:

    @rv@kaufmann.dk said:
    Does 192.168.1.2 know how to route traffic to 192.168.251.0/24?

    Or would that have to be done at the box having 192.168.1.2 IP?

    192.168.1.2 has to know where to route 192.168.251.0/24 to. That's via 192.168.1.1 (Firebox).

    192.168.1.2 is an ISP box that connects to all the other networks. Firebox is at 192.168.1.1.

    So, and I'm sorry if I'm a bit of a noob here, where would I define the route? Firebox or ISP box?
    And how would the route be defined?

    Both ends. Both your Firebox needs to know the routes (which it does, or you would not be able to route to the MPLS networks from inside your 192.168.1.0 subnet).

    My guess is 192.168.1.2 needs to know where to route 192.168.251.0/24. I also guess this is a managed service by your ISP, so most likely you need to contact your ISP.
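
The point made in this thread (the forward path works but the reply has nowhere to go) can be checked with a small routing-table model. The following is an added example, not part of the forum thread or any WatchGuard or ISP software: it walks a packet hop by hop using longest-prefix match. The Firebox at 192.168.1.1, the ISP box at 192.168.1.2, the LAN 192.168.1.0/24, the VPN pool 192.168.251.0/24 and the remote 192.168.89.0/24 come from the post; the MPLS-side addresses (10.0.0.0/30, 192.168.89.1) and the ISP box's and remote router's route tables are assumptions made for the model.

```python
"""Hop-by-hop forwarding model for the thread's topology (added example).

Nodes carry a set of interface addresses, the prefixes they are directly
connected to, and static routes (prefix, next-hop). Longest prefix wins.
Addresses 192.168.1.1/192.168.1.2 and the three /24s are from the post;
everything on the MPLS side (10.0.0.0/30, 192.168.89.1) is assumed.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Prefix = ipaddress.IPv4Network


def net(s: str) -> Prefix:
    return ipaddress.ip_network(s)


def build_topology(isp_has_return_route: bool) -> Dict[str, dict]:
    """Build the three-router model; optionally give the ISP box the missing route."""
    topo = {
        "firebox": {
            "addrs": {"192.168.1.1", "192.168.251.1"},
            "connected": [net("192.168.1.0/24"), net("192.168.251.0/24")],
            "routes": [(net("192.168.89.0/24"), "192.168.1.2")],  # from the post
        },
        "ispbox": {
            "addrs": {"192.168.1.2", "10.0.0.1"},  # 10.0.0.1: assumed MPLS-side address
            "connected": [net("192.168.1.0/24"), net("10.0.0.0/30")],
            "routes": [(net("192.168.89.0/24"), "10.0.0.2")],  # assumed
        },
        "mplsrtr": {  # assumed router at the far end of the MPLS cloud
            "addrs": {"10.0.0.2", "192.168.89.1"},
            "connected": [net("10.0.0.0/30"), net("192.168.89.0/24")],
            "routes": [(net("0.0.0.0/0"), "10.0.0.1")],  # default back toward the ISP box
        },
    }
    if isp_has_return_route:
        # The fix suggested in the thread: ISP box learns 192.168.251.0/24 via the Firebox.
        topo["ispbox"]["routes"].append((net("192.168.251.0/24"), "192.168.1.1"))
    return topo


def owner_of(topo: Dict[str, dict], ip: str) -> Optional[str]:
    """Map a next-hop address to the node that holds it (None if unresolvable)."""
    for name, node in topo.items():
        if ip in node["addrs"]:
            return name
    return None


def next_hop(node: dict, dst: ipaddress.IPv4Address) -> Tuple[str, Optional[str]]:
    """Return ("deliver", None), ("forward", next_hop_ip) or ("drop", None)."""
    if any(dst in p for p in node["connected"]):
        return "deliver", None
    best = None
    for prefix, gw in node["routes"]:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, gw)
    return ("drop", None) if best is None else ("forward", best[1])


def trace(topo: Dict[str, dict], first_hop: str, dst: str, max_hops: int = 8) -> Tuple[List[str], str]:
    """Follow a packet from its first-hop router until it is delivered, dropped or loops."""
    dst_ip = ipaddress.ip_address(dst)
    path: List[str] = []
    node = first_hop
    while len(path) < max_hops:
        path.append(node)
        action, gw = next_hop(topo[node], dst_ip)
        if action != "forward":
            return path, action
        nxt = owner_of(topo, gw)
        if nxt is None:
            return path, "drop"  # next hop is not on any link we model
        node = nxt
    return path, "loop"


def round_trip(topo: Dict[str, dict], src: str, src_first_hop: str, dst: str, dst_first_hop: str) -> dict:
    """Check both directions: a host is only reachable if the reply gets back too."""
    fwd_path, fwd = trace(topo, src_first_hop, dst)
    ret_path, ret = trace(topo, dst_first_hop, src)
    return {
        "forward": (fwd_path, fwd),
        "return": (ret_path, ret),
        "reachable": fwd == "deliver" and ret == "deliver",
    }


if __name__ == "__main__":
    # VPN client 192.168.251.10 and LAN host 192.168.1.31 are constructed sample hosts.
    for has_route in (False, True):
        topo = build_topology(has_route)
        vpn = round_trip(topo, "192.168.251.10", "firebox", "192.168.89.6", "mplsrtr")
        lan = round_trip(topo, "192.168.1.31", "firebox", "192.168.89.6", "mplsrtr")
        print(f"ISP box has return route: {has_route}")
        print("  VPN client -> 192.168.89.6:", vpn)
        print("  LAN host   -> 192.168.89.6:", lan)
```

Running it shows why the LAN host works while the VPN client does not: the ISP box is directly connected to 192.168.1.0/24, so replies to 192.168.1.31 need no route, whereas a reply to 192.168.251.10 is dropped at the ISP box until it has a route for 192.168.251.0/24 via 192.168.1.1. That drop happens one hop away from the Firebox, which is consistent with the original post seeing no sign of the traffic in the Firebox log: the outbound ping leaves normally and the missing reply is discarded elsewhere.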

  • Do your mpls networks browse out to the internet through your Firebox?

  • @rv@kaufmann.dk said:

    @ithex said:

    @rv@kaufmann.dk said:

    @ithex said:

    @rv@kaufmann.dk said:
    Does 192.168.1.2 know how to route traffic to 192.168.251.0/24?

    Or would that have to be done at the box having 192.168.1.2 IP?

    192.168.1.2 has to know where to route 192.168.251.0/24 to. That's via 192.168.1.1 (Firebox).

    192.168.1.2 is an ISP box that connects to all the other networks. Firebox is at 192.168.1.1.

    So, and I'm sorry if I'm a bit of a noob here, where would I define the route? Firebox or ISP box?
    And how would the route be defined?

    Both ends. Both your Firebox needs to know the routes (which it does, or you would not be able to route to the MPLS networks from inside your 192.168.1.0 subnet).

    My guess is 192.168.1.2 needs to know where to route 192.168.251.0/24. I also guess this is a managed service by your ISP, so most likely you need to contact your ISP.

    I think you are right .... thanks for the help, it got me back on the road again :-)

  • @kimmo.pohjoisaho said:
    Do your MPLS networks browse out to the internet through your Firebox?

    I'm actually not sure.... but anyway I think I have the solution now.... thanks for your time and effort :-)
