Mobile SSL VPN users can't access local resources

NuttyChuckNuttyChuck
in Firebox - VPN Mobile User

I don't know what I'm missing, but I don't seem to find it. I set up Mobile VPN with SSL to connect to our T85. The Virtual IP Address Pool has 10.10.10.0/24 and the LAN has 192.168.210.0/24. We need all traffic going in both ways, so that VPN users can access local resources like our printers, and local resources (like laptops) can access remote resources.

I created a rule so that the SSLVPN_Users group has access to Any. In the Mobile VPN (SSL) configure page, I enabled the "Allow access to all Trusted, Optional, and Custom networks". Unfortunately, this doesn't seem to work.

I also tried creating a separate Dynamic NAT rule to translate the Virtual IP Address Pool to Trusted, but no success either.

What am I missing? I've been looking at this issue too long now to even know front from back 😅

Thanks in advance!

Comments

  • Bruce_BriggsBruce_Briggs

    What can't be accessed from a SSLVPN user?

    If you have a domain at your main site, a SSLVPN user when connected is not logged into the domain.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @NuttyChuck

    The most common reason users can't access resources is that they're not in the correct group (which is "SSLVPN_Users" by default.)

    -Do you see any deny messages related to the 10.10.10.x network when your users attempt to access resources?

    -I see that you have changed the SSLVPN from 192.168.113.x to the 10.10.10.x network -- is this conflicting with any other network on your firewall? If so, the entire address space needs to be unique for that network (it can't overlap with any existing network.)

    If the above questions don't help, I'd suggest opening a support case by clicking the support center link at the top right of this page.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.