
vpn issue

Hi

We have ssl vpn configured for our users.

When connected to our office we can connect to an internal intranet site.

When connected to the vpn we can ping the site however we can't access it.

The issue seems to be that TCP port 80 is not accessible when connected to it.

Does anyone have any idea how to resolve please?

Best Regards
Martin

Comments

  • Options

    Are you accessing it via the internal IP addr of the site or the public IP addr?
    If via the public IP addr, have you set up NAT loopback for this access?

    NAT Loopback and Static NAT (SNAT)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_loopback_static_c.html

  • Options

    Hi Bruce, we use the internal IP address

  • Options

    What do you see in Traffic Monitor when this access is tried?

    You can turn on Logging on a policy such as the "Allow SSLVPN-Users" or whatever policy that allows SSLVPN users to access this site, to see packets allowed by the policy in Traffic Monitor.

    Are there any controls on the web server to prevent access from selected IP addrs/subnets?

    Perhaps this is an MTU issue.
    You could try setting the MTU of your web server to 1400, and see if that addresses the issue.

  • Options

    Hi

    The intranet site is controlled by our head office in Japan - so I guess it could be something related to controls as it works from our internal IP range but not the VPN range.

    This is what I see from the traffic monitor

    2024-02-06 14:00:55 Allow 10.214.6.5 10.100.16.123 http/tcp 64490 80 tun0 Trusted Allowed 52 127 (Allow SSLVPN-Users-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 8 S 1200124172 win 61690" src_user="xxxxxl" Traffic

  • Options

    Since the log message indicates that the TCP port 80 packet is being forwarded to the web server, you need to contact your Japan folks for further help in resolving this.
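
Added example, not part of the thread and not WatchGuard code: a small Python parser for the Traffic Monitor line posted above, showing how to read it to decide whether the firewall or something behind it is stopping the connection. It assumes the field order seen in that one line and that `S` in `tcp_info` marks a SYN; the Deny line and its policy name are constructed for contrast.

```python
import re

# Copied from the Traffic Monitor output posted in the thread.
THREAD_LINE = ('2024-02-06 14:00:55 Allow 10.214.6.5 10.100.16.123 http/tcp 64490 80 '
               'tun0 Trusted Allowed 52 127 (Allow SSLVPN-Users-00) proc_id="firewall" '
               'rc="100" msg_id="3000-0148" tcp_info="offset 8 S 1200124172 win 61690" '
               'src_user="xxxxxl" Traffic')
# Constructed for contrast (not device output); the policy name is hypothetical.
CONSTRUCTED_DENY = ('2024-02-06 14:01:10 Deny 10.214.6.9 10.100.16.123 http/tcp 51000 80 '
                    'tun0 Trusted Denied 52 127 (Example-Deny-Policy-00) '
                    'tcp_info="offset 8 S 99887766 win 61690" Traffic')

# Positional fields up to the policy name in parentheses (order assumed from the thread's line).
HEAD = re.compile(
    r'^(?P<date>\S+) (?P<time>\S+) (?P<disposition>\S+) '
    r'(?P<src>\S+) (?P<dst>\S+) (?P<service>[^/\s]+)/(?P<proto>\S+) '
    r'(?P<sport>\d+) (?P<dport>\d+) (?P<in_if>\S+) (?P<out_if>\S+) '
    r'.*?\((?P<policy>[^)]*)\)')
KV = re.compile(r'(\w+)="([^"]*)"')  # trailing key="value" pairs


def parse_line(line):
    """Return a dict of fields, or None if the line does not match the assumed layout."""
    m = HEAD.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec.update(KV.findall(line))
    flags = re.search(r'offset \d+ (\S+) \d+', rec.get("tcp_info", ""))
    rec["tcp_flags"] = flags.group(1) if flags else ""
    return rec


def triage(lines, dport="80"):
    """Map (src, dst) to a verdict for connection attempts to dport."""
    verdicts = {}
    for rec in filter(None, map(parse_line, lines)):
        if rec["dport"] != dport:
            continue
        flow = (rec["src"], rec["dst"])
        path = f'{rec["in_if"]} -> {rec["out_if"]}, policy "{rec["policy"]}"'
        if rec["disposition"] != "Allow":
            verdicts[flow] = f"blocked at firewall ({path})"
        elif rec["tcp_flags"] == "S":
            # SYN left the firewall: look at web server access controls or MTU next.
            verdicts.setdefault(flow, f"forwarded by firewall ({path})")
    return verdicts


if __name__ == "__main__":
    for flow, verdict in triage([THREAD_LINE, CONSTRUCTED_DENY]).items():
        print(flow, "->", verdict)
```
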
