add additional network behind VPN [solved]

Hello everyone,

we are using M4600 12.8.1 and SSL VPN. We have already added some external hosts, which should be routed via VPN. Now I need to add one more host - done, but it doesn't appear in the routing table. What should I do after adding a host to "allowed network addresses"? Maybe I'm missing something?

Thank you in advance!

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    -If the addresses are showing up under "Allowed Network Addresses"
    You will need to disconnect from the SSLVPN and reconnect to it. Routes are processed during the login/tunnel building stage.

    -If the addresses aren't showing up under "Allowed Network Addresses"
    --Try upgrading the firewall to a newer version. Latest version is 12.10, and includes a number of security fixes as well.
    --Try using WatchGuard System Manager. If there's an issue in the browser causing that dialogue to not display correctly, this will usually get around it.
    --Make sure you're not using any javascript or similar blockers on the local admin page.

    Also, ensure you press save at the bottom of the page when adding routes, the system will not save them unless you do this.

    -James Carson
    WatchGuard Customer Support

  • Did the SSLVPN client get disconnected and then reconnected after the Allowed Resource was added and saved to the firewall?

    Did the SSLVPN client get the updated config file successfully?
    Take a look at the SSLVPN client logs. In Windows, right click on the SSLVPN client "W" in the System Tray, and select View Logs.
    The routes added should be listed after this line:
    ,ADD_ROUTES,,,,,

  • Hello James and Bruce,

    • yes, I clicked Save after adding new route (yes, it is shown in the "Allowed Network Addresses"
    • yes, the VPN-Client was disconnteted and connected again, but no new route has been added. That's why I wrote this post.
    • I'm checking other questions
  • question: does .ovpn file have routing information? I've opened it in text editor - didn't find any routes.

  • No - the routes are dynamically added when the client connects to the firewall.

  • You can test the SSLVPN client from behind your firewall

  • We found the reason why new Route was not adding: we added it to the SSL VPN, but user uses IPSec VPN....

Sign In to comment.