Pinging remote site fails
We have been using a VPN site-to-site connection for several years. Our users have been using Global VPN Client during this time. We are looking to start moving to SSL VPN with NetExtender. In testing I found that pinging the remote sites does not work; the packets are dropped. Wondering if someone can point me in the direction to start looking on how to resolve this? We have no issue pinging when connected with Global VPN Client.
Thanks
Best Answers
Tippers Newbie ✭
A couple of things to check, firstly is Management traffic allowed on your firewall rules from SSLVPN to VPN? I can't remember if these are created by default and the option is automatically enabled but worthwhile checking.
How are your users created? Are they local on the UTM or from LDAP? From my experience even though the client routes are added in the Default Device Profile you have to give the user VPN access either via the local user or group.
TKWITS Community Legend ✭✭✭✭✭
Check your SSLVPN to VPN (and VPN to SSLVPN) access rules...
Answers
Hi @MZUP,
Please check the below KB:
Regards
Nevyaditha P
Technical Support Advisor, Premier Services
Hi, thanks for your reply. We have SonicOS 6.5 and under step 3 of the guide, I don't see an option for Edit Users or a VPN Access tab.
Steps 1-2 are all set.
*Edit: I found it. Wasn't showing in IE. Switched to Chrome and found it. However, after doing these steps I still can't ping, yet the route is showing in NetExtender.
Yes the management traffic is allowed in the rules.
We use RADIUS with SSO and LDAP. The users are in the SSLVPN Services local group and given access to the remote hosts' networks. Again, I get the routes to be listed in NetExtender, but still can't ping them, nor connect to any mappings.
Can you ping from SSLVPN connected PC to LAN? But not from SSLVPN connected PC to IP address at spoke VPN destination?
Is it just ping traffic that doesn't pass to spoke VPN destination or can you test HTTP traffic for example?
Correct. I can ping on the segment I am connected to. The remote networks are not reachable. Below is what a colleague saw when trying to access remote network. Something about a policy being possible cause?
Hi, I have not been able to do anything with this yet. Hoping this weekend and will let you know.
Thanks for all the input. I am not strong with the SonicWall configurations. Trying to learn.
It was a rule from SSLVPN to VPN and vice versa.
Thanks for the help
Feel free to mark as an answer.
You're welcome.
What were the rules that you had to change? I am having the same issue but my SSL to VPN and vice versa look correct
If you have the rules in place from ssl to vpn, then make sure that your destinations are correct in those rules.
Right now I basically have everything open from my SSLVPN range to the remote VPN network and it's saying that it refuses to connect when I try to access via HTTPS. Is there a specific port I need to specify when trying to access the firewall?
I have the service as any so I didn't specify anything specific. How about the client routes in the config settings of the SSL VPN Client Settings page? Do you have your subnets listed there?
Again I am a newbie on this so I am just stating what I have. May not be what is needed to fix your issue.
Yeah, I have all my networks in the client routes and in the local user that we had set up.
So you have your remote VPN network/range object setup and included in the SSL-VPN Client Profile and then also included on the VPN Access tab for your local user?
If so, what happens if you run a packet capture filtering on the source or destination IP and try to access the IP in your VPN network from the SSL-VPN?