Why is SSL-VPN answering on different secondary IP Addresses?

I have the following IPs assigned by my ISP:
24.173.163.1: Internet Gateway
24.173.163.2: Internet access
24.173.163.3: Secondary network IP, not in use
24.173.163.4: Configured as the external IP for inbound SSL-VPN access
24.173.163.5: Secondary network IP, not in use
24.173.163.6: not in use
My users can connect with SSL-VPN to IP 24.173.163.4, but I'm also able to connect with the .3 and .5 addresses. The 24.173.163.4 address is the only one specified in my SSL-VPN configuration; there is no backup address specified. Is this expected behavior or am I doing something wrong?

Answers

  • The default setting for the auto-created WatchGuard SSLVPN policy From: field is Any-external, not a specific external IP addr.
    If you want to limit the SSLVPN clients to only access desired IP addrs, then you need to modify the WatchGuard SSLVPN policy From: field as desired.

  • Bruce, I tried that. I set the From: field to be IP address 24.173.163.4. After that I could not connect at all.

  • What do you see in Traffic Monitor when you try the connection now?

  • That fixed it. Thanks Bruce.
