SSL VPN One direction ping
At this point I think I tried all of the tutorials, and have even tried different versions of NetExtender and now Mobile Connect. I created the separate subnet for SSLVPN (192.168.1.0), and on X0 I am using 192.168.168.0. I tried this with "LAN SUBNETS" on the user VPN routing, and also with "LAN PRIMARY SUBNET" on a different occasion. I created rules to pass all traffic (or so I think). I made a rule that said all SSLVPN allowed to all LAN SUBNETS for all services, and vice versa to try to get it to work. (I know that rule is probably a horrible security rule, but I'm desperate.)
DISCLAIMER: I am not a pro, this is my first time setting up a VPN or SSLVPN for that matter.
But no matter what combinations of things I try, I cannot get the remote device to ping anything on the LAN. However, I can ping the remote device from the LAN.
I tried doing packet monitor, and I can see packets from remote device to LAN device when remote device initiates ping and when LAN device initiates ping. But in both scenarios I cannot see the ping packet from LAN to SSLVPN, even when the ping is successful. I am not sure how to diagnose or test beyond this point.
Answers
Hello @SomeBodyElse,
Welcome to SonicWall community.
Could you please use a different SSLVPN IP pool like 10.11.11.0/24 as 192.168.1.x is the most common private subnet. Also, is this taking place for multiple clients? Have you tested this using a different ISP connection on the client side?
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
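The pool-overlap concern raised in the reply above, as an added example that is not part of the original thread: a small Python check that reports whether a proposed SSLVPN pool collides with the site LAN or with typical client-side networks. The function names and the list of common client-side defaults are assumptions made for illustration; the pool and X0 subnets are the ones quoted in this thread.

```python
import ipaddress

# Assumed list of common home-router defaults (constructed, not from the thread).
COMMON_CLIENT_NETS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]


def pool_conflicts(pool, site_lans, client_nets=COMMON_CLIENT_NETS):
    """Return (kind, network) pairs that overlap the proposed SSLVPN pool.

    kind is "site-lan" for subnets behind the firewall and "client-side"
    for networks the remote user is likely to be sitting on.
    """
    pool_net = ipaddress.ip_network(pool, strict=False)
    hits = []
    for kind, nets in (("site-lan", site_lans), ("client-side", client_nets)):
        for cidr in nets:
            net = ipaddress.ip_network(cidr, strict=False)
            if pool_net.overlaps(net):
                hits.append((kind, str(net)))
    return hits


def shadowed_by_local(dest_ip, client_local_net):
    """True if the client would treat dest_ip as on its own local network,
    so traffic for it may never be sent into the tunnel."""
    net = ipaddress.ip_network(client_local_net, strict=False)
    return ipaddress.ip_address(dest_ip) in net


if __name__ == "__main__":
    site_lans = ["192.168.168.0/24"]          # X0 subnet from the thread
    for pool in ("192.168.1.0/24", "10.11.11.0/24"):
        conflicts = pool_conflicts(pool, site_lans)
        status = "conflicts: %s" % conflicts if conflicts else "no overlap"
        print("%-16s %s" % (pool, status))
    # A client whose own network matches X0 would never reach the LAN host.
    print(shadowed_by_local("192.168.168.80", "192.168.168.0/24"))
```

An empty result only rules out addressing overlap; it says nothing about access rules or NAT policies on the firewall.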
Hi, @SHIPRASAHU93
Thanks, I will change the SSLVPN pool, and I will try with a different ISP on the client side. I was using a cellular hotspot with a laptop for the 2nd ISP while testing; I will try to borrow a neighbor's Wi-Fi today and test with that.
I'll report back after trying your suggestions.
Sure, keep us posted!
Shipra Sahu
Technical Support Advisor, Premier Services
Ok, I did both of these, but no change. My remote device got assigned 10.11.11.1, and the computer on LAN that I am trying to ping is 192.168.168.80.
"route print" on the remote device looks correct, and packets are at least making it from remote device to the packet monitor log on the SonicWALL.
@SomeBodyElse,
What is the status of those packets? Please do a packet capture based on the source IP alone: 10.11.11.1 with Ether type as IP and IP type as: TCP, UDP, ICMP and share a screenshot here of the packet monitor if that's okay.
For real time assistance, you can reach out to our Support team.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Ok, I entered the parameters into the packet monitor, and cleared the log. Then I began recording, and I used remote device 10.11.11.1 to ping LAN device 192.168.168.169. I see some packets between the remote device and 192.168.168.80, but I am not sure what that is about; I was not pinging that computer or using it. I have also disabled all of my custom NAT policies during testing, and am using the autogenerated rules.
@SomeBodyElse,
Please try the following. Try to ping 192.168.168.169 from Investigate | System Diagnostics | Select ping in the diagnostic tool and see if that works. If it does, please add the following NAT policy and test the pings from the SSLVPN client.
Original source: SSLVPN IP pool (10.11.11.x)
Translated source: X0 IP
Original Destination: X0 subnet
Translated destination: Original
Original service: Any
Translated service: Original
Inbound Interface: Any
Outbound Interface: Any
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services