vpn issue


We have ssl vpn configured for our users.

When connected to our office we can connect to a internal intranet site.

When connected to the vpn we can ping the site however we can't access it.

The issue seems to be that tcp port 80 is not accesible when connected to it.

Does anyone have any idea how to resolve please?

Best Regards


  • Options

    Are you accessing it via the internal IP addr of the site or the public IP addr?
    If via the public IP addr, have you set up NAT loopback for this access?

    NAT Loopback and Static NAT (SNAT)

  • Options

    Hi Bruce > we use the internal ip address

  • Options

    What do yo see in Traffic Monitor when this access is tried?

    You can turn on Logging on a policy such as the "Allow SSLVPN-Users" or whatever policy that allows SSLVPN users to access this site, to see packets allowed by the policy in Traffic Monitor.

    Are there any controls on the web server to prevent access from selected IP addrs/subnets?

    Perhaps this is a MTU issue.
    You could try setting the MTU of your web server to 1400, and see if that addresses the issue.

  • Options


    The intranet site is controlled by our head office in Japan - so I guess it could be something related so controls as it works from our internal ip range but not the vpn range.

    This is what I see from the traffic monitor

    2024-02-06 14:00:55 Allow http/tcp 64490 80 tun0 Trusted Allowed 52 127 (Allow SSLVPN-Users-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 8 S 1200124172 win 61690" src_user="xxxxxl" Traffic

  • Options

    Since the log message indicates that TCP port 80 packet is being forwarded to the web server, you need to contact your Japan folks for further help in resolving this.

Sign In to comment.