Client Gateway and SSL Problem
Hi,
I am stuck with a problem the last days and hope that you can maybe push me in the right direction.
I have the following configuration (simplified):
Network: 192.168.1.0/24 (ranging from 192.168.1.1 to 192.168.1.254)
Servers, Batch A:
192.168.1.1 to 192.168.1.10 (all set to default gateway 192.168.1.253)
Servers, Batch B:
192.168.1.11 to 192.168.1.20 (all set to default gateway 192.168.1.254)
Clients, Batch A:
192.168.1.101 to 192.168.1.99 (all set to default gateway 192.168.1.253)
Clients, Batch B:
192.168.1.101 to 192.168.1.199 (all set to default gateway 192.168.1.254)
Firebox A:
192.168.1.253 (internal, external connected to ISP A)
Firebox B:
192.168.1.254 (internal, external connected to ISP
I can connect to both Fireboxes via VPN and the firewalls are set to have any access to the internal network, which totally works fine - except when the server or client is set to have another gateway than the one i am connected to.
So when i connect via VPN to the Firebox A, i can reach all servers and clients from the batches A that have the gateway set to Firebox A.
All servers and clients of the batch B, that have the second Firebox B as a gateway are completely out of reach. No pings, no smb, no RDP. nothing.
That seems a bit odd to me as both Fireboxes and all Servers and Clients are in the same subnet on the same stack of switches and we have no problems within that network.
Though i tried a lot, I haven't found any solution to solve this yet. I think i am missing something here... Does someone have any clues how to fix that issue?
Thanks in advance and greetings from Hannover/Germany,
Comments
Your BOVPN Tunnel settings need to include the SSLVPN virtual IP addr subnet, on both ends, for SSLVPN client traffic to go across the BOVPN.
Thank you, Bruce!
I will definately look into that and try it. BOVPN is not set up at all the moment.
I may misunderstand the concept of BOVPN but i haven't considered using it as the two fireboxes and all the servers and clients are on the same premise. The Fireboxes are mounted on the same rack, literally inches away from each other and as i understood BOVPN, it would connect them via ISP though they can ping each other on the trusted network within the same subnet. So connecting them over the external ISP seems to build a bottleneck to me, but i give it a shot.
OK, on further inspection it turns out, that i built an asymmetric routing with the given configuration with two Firewalls connecting to two different ISPs and acting as a single gateway individually.
I'll probably go with a single Firewall-Configuration and an Multi-WAN setup instead, that serves as the single gateways in the given network, preventing any asymmetric routing.
Thanks for the help and advice, anyway and all the best from Hannover/Germany!
Sorry, I misread your 1st post. It looked to me like you have a BOVPN between each firewall.
When connected to firewall A by a VPN client, how are you trying to connect to a server on firewall B? By the firewall B external interface IP addr?