Add VPN client route to destination that is connected via site-to-site vpn (Hardwarea)
PaulS83 Newbie ✭
I have two locations, (North / South) linked via site-to-site VPN and need to give a user access to resources at both locations, but I wanted to do so via a single NetExtender VPN connection.
I already have them up and running with what they need access to at the South location but in order for them to access a machine at the North facility, I think I need to add a route under SSL VPN Client Settings > Client Routes?
I can ping the IP from the North firewall via the diags page but is what I’m trying to do possible? I want to not have this user use two different VPN connections as both sites are linked via site-to-site.
Category: Mid Range Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
This has been asked and answered many times.
Add the remote subnet to the SSLVPN Client Settings \ Client Routes (this will add the route to the end user machine once connected via NetExtender).
Add the remote subnet, or IP in the remote subnet, to the users VPN access in Local Users \ %USER% \ VPN access (this will grant the user access to the remote resource).
If you manually added Access Rules for the site to site VPN you will also have to add a rule to allow SSLVPN to VPN and vice versa.
I've done the first two steps but it hasn't worked. looking into your last step now.
The rules were auto created. Can't get it to work.
Is your VPN tunnel site to site or tunnel interface? Is your SSLVPN client subnet included in the site to site / route through tunnel?
Have you run a packet capture to determine where the packets are getting dropped?
VPN is site-to-site
"Is your VPN tunnel site to site or tunnel interface? Is your SSLVPN client subnet included in the site to site / route through tunnel?" NOt following you on this one. Is this what you're referring to?
Yes, the 'Local Networks' setting on the S2S VPN config. Does 'firewalled subnets' include the SSLVPN Client IP address range? I'm going to guess no.