VPN Client Routing
We have an NSA3600 in our main headquarters. We have a Site to Site VPN connection set up on the firewall for our ERP system located in the cloud. I have a consultant who has VPN access into our environment and needs to log into the VPN in order to be on our system and be able to access data on the cloud ERP. He needs to have his IP address show as our gateway/network and not his home office IP in order to be allowed onto the ERP system. I currently have Split Tunnel set on the WAN GroupVPN client connection, which I believe is causing the issue for his IP, but if I change that it seems to cause network issues at our office. Would the checkbox for "Set Default Route as this gateway" need to be checked, or could that cause issues in the office also? I'm probably overthinking how to accomplish what I need.
Thanks
Answers
Hi ChrisLakeErie , first question, if he is connecting to your site which then has a Site to Site tunnel to the ERP it should be showing as coming from your Internal network when he gets DHCP on his GVPN client so the public IP address he is coming from shouldn't be an issue.
If for some reason he is connecting to the ERP via its public FQDN or IP, then on the consultant's user settings under Local Users / VPN Access add the remote public IP (not the FQDN) of the ERP to the VPN Access list, then make sure under the Access Rules from VPN to WAN there is a rule allowing traffic to the remote IP, then create a NAT policy as below; if needed you can change the Original Destination to the ERP public IP.
This is presuming X1 is your WAN; if it is different, change accordingly.
Get him to log back in and try again to access the ERP.
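The following is an added illustration, not code from the thread or from SonicWall, of the routing decision the answer describes: it models the route table GVC installs on the consultant's PC (split tunnel versus "Set Default Route as this gateway"), the VPN Access list that becomes tunnel routes, and a VPN-to-WAN NAT policy on the firewall, then reports which source address the cloud ERP would see. All addresses (home IP, X1 IP, GVC pool, ERP IP) are constructed from the IETF documentation ranges, and the policy set is a simplified model of the firewall, not a dump of a real configuration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Constructed addresses from the IETF documentation ranges; none come from the thread.
HOME_IP = ip_address("192.0.2.55")          # consultant's home office public IP
FIREWALL_X1 = ip_address("198.51.100.1")    # office firewall WAN (X1) address
OFFICE_LAN = "10.0.0.0/24"                  # internal network pushed to GVC clients
GVC_POOL = ip_network("10.10.10.0/24")      # DHCP-over-VPN pool for GVC clients
CLIENT_TUNNEL_IP = ip_address("10.10.10.5") # pool address this client received
ERP_PUBLIC = ip_address("203.0.113.10")     # cloud ERP public address
ERP_HOST = "203.0.113.10/32"                # same host, as a /32 for the VPN Access list


@dataclass
class Route:
    prefix: IPv4Network
    via: str  # "tunnel" (GVC adapter) or "isp" (home default gateway)


def build_client_routes(split_tunnel: bool, vpn_access: list) -> list:
    """Model the route table GVC installs on the consultant's PC.

    Every network in the user's VPN Access list becomes a tunnel route.
    With split tunnel the default route stays with the home ISP; with
    "Set Default Route as this gateway" the default route goes down the tunnel.
    """
    routes = [Route(ip_network(cidr), "tunnel") for cidr in vpn_access]
    routes.append(Route(ip_network("0.0.0.0/0"), "isp" if split_tunnel else "tunnel"))
    return routes


def lookup(routes: list, dst: IPv4Address) -> str:
    """Longest-prefix match, as a host route table does."""
    best = max((r for r in routes if dst in r.prefix), key=lambda r: r.prefix.prefixlen)
    return best.via


def egress_for(split_tunnel: bool, vpn_access: list, dst: str) -> str:
    """Which interface the client uses to reach dst: 'tunnel' or 'isp'."""
    return lookup(build_client_routes(split_tunnel, vpn_access), ip_address(dst))


@dataclass
class NatPolicy:
    original_src: IPv4Network
    original_dst: IPv4Network
    inbound_zone: str        # zone the packet arrives from ("VPN" or "LAN")
    translated_src: IPv4Address


# Simplified firewall NAT table, first match wins. The first entry is the
# VPN -> WAN source NAT the answer asks for; the second stands in for the
# usual many-to-one NAT of office LAN hosts leaving X1.
NAT_POLICIES = [
    NatPolicy(GVC_POOL, ip_network(ERP_HOST), "VPN", FIREWALL_X1),
    NatPolicy(ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"), "LAN", FIREWALL_X1),
]
LAN_ONLY_POLICIES = NAT_POLICIES[1:]   # the same table before the VPN -> WAN policy was added


def apply_source_nat(policies: list, src: IPv4Address, dst: IPv4Address, zone: str) -> IPv4Address:
    """Return the source address after the first matching NAT policy (or unchanged)."""
    for p in policies:
        if src in p.original_src and dst in p.original_dst and zone == p.inbound_zone:
            return p.translated_src
    return src


def source_seen_by_erp(split_tunnel: bool, vpn_access: list, policies: list = NAT_POLICIES) -> str:
    """Source address the ERP observes for a connection from the consultant's PC."""
    if egress_for(split_tunnel, vpn_access, str(ERP_PUBLIC)) == "isp":
        return str(HOME_IP)   # traffic never reaches the office firewall
    return str(apply_source_nat(policies, CLIENT_TUNNEL_IP, ERP_PUBLIC, "VPN"))


if __name__ == "__main__":
    print("split tunnel, LAN only:         ", source_seen_by_erp(True, [OFFICE_LAN]))
    print("split tunnel + ERP in VPN Access:", source_seen_by_erp(True, [OFFICE_LAN, ERP_HOST]))
    print("  ... but no VPN->WAN NAT policy:", source_seen_by_erp(True, [OFFICE_LAN, ERP_HOST], LAN_ONLY_POLICIES))
    print("default route via gateway:       ", source_seen_by_erp(False, [OFFICE_LAN]))
```

The three outcomes map onto the thread: with split tunnel and only the office LAN pushed, the ERP's public address is reached through the home ISP and the ERP sees the home IP; adding the ERP's public IP to the user's VPN Access list pulls just that destination into the tunnel so the office network keeps its split-tunnel behaviour, and the VPN-to-WAN NAT policy is what makes the packet leave X1 with the firewall's address rather than the private pool address; ticking "Set Default Route as this gateway" also works but sends all of the consultant's traffic through the office, which is the side effect the question worries about.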