Reach server behind site-to-site vpn from SSLVPN
Hi,
I have a site-to-site connection between my firewall (TZ370 HA) and 10.1.1.0/24. That is working fine.
Now I want to reach that network from behind my sslvpn connection, but my firewall is dropping my packets (Drop Code 727 Packet dropped policy drop)
Ethernet Header
Ether Type: IP(0x800), Src=[00:11:22:33:44:55], Dst=[2e:b8:ed:c0:39:11]
IP Packet Header
IP Type: ICMP(0x1), Src=[10.123.10.100], Dst=[10.1.1.15]
ICMP Packet Header
ICMP Type = 8(ECHO_REQUEST), ICMP Code = 0, ICMP Checksum = 18543
Value:[1]
DROPPED, Drop Code: 727(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2722_qpmjdzDifdl) 3:3)
I have the following access rules:
SSLVPN => VPN from:10.123.10.100 to:10.1.1.0/24 allow
VPN => from:10.1.1.0/24 to:10.123.10.100 allow
Am I missing something?
Client <=> SSLVPN <=> TZ370 <=> SITE-TO-SITE VPN <=> REMOTE SERVER
Thanks
Answers
Is the remote subnet listed in the Client Routes of the SSLVPN Client config? Is the remote subnet listed in the allowed VPN access list of the user?
Both yes.
Is the remote side aware of the SSLVPN Client subnet? Run a packet capture to see where the traffic is ending up...
Hi @TKWITS, thanks for the support!
We had to add the sslvpn subnet also to the site-to-site tunnel.
Sonicwall sent me the answer: How can I allow ssl vpn user to access the remote network across site to site vpn? | SonicWall
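The fix reached in this thread (adding the SSLVPN subnet to the site-to-site tunnel), shown as an added example that is not part of the original posts or of SonicWall's documentation: a simplified selector check for a policy-based tunnel, run for both the request and the reply. The TZ370 LAN `192.168.1.0/24` and the `/24` SSLVPN pool are assumed values; the thread gives only `10.1.1.0/24`, `10.123.10.100` and `10.1.1.15`.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class TunnelEnd:
    """One gateway's view of a policy-based site-to-site tunnel (simplified model)."""
    name: str
    local_nets: list   # networks this side offers into the tunnel
    remote_nets: list  # networks this side expects behind the peer

    def carries(self, src: str, dst: str) -> bool:
        # A packet is tunnelled only if source AND destination match the selectors.
        s, d = ip_address(src), ip_address(dst)
        return (any(s in ip_network(n) for n in self.local_nets)
                and any(d in ip_network(n) for n in self.remote_nets))


def round_trip(near: TunnelEnd, far: TunnelEnd, client: str, server: str) -> list:
    """Return a list of problems; an empty list means request and reply both match."""
    problems = []
    if not near.carries(client, server):
        problems.append(f"{near.name}: {client} -> {server} matches no tunnel selector")
    if not far.carries(server, client):
        problems.append(f"{far.name}: {server} -> {client} matches no tunnel selector")
    return problems


# Constructed values: only REMOTE and the two host addresses come from the thread.
LAN = "192.168.1.0/24"          # assumed LAN behind the TZ370
SSLVPN_POOL = "10.123.10.0/24"  # assumed SSLVPN client pool
REMOTE = "10.1.1.0/24"

# Tunnel as originally built (LAN only) versus with the SSLVPN pool added on both ends.
before = (TunnelEnd("TZ370", [LAN], [REMOTE]),
          TunnelEnd("remote", [REMOTE], [LAN]))
after = (TunnelEnd("TZ370", [LAN, SSLVPN_POOL], [REMOTE]),
         TunnelEnd("remote", [REMOTE], [LAN, SSLVPN_POOL]))

if __name__ == "__main__":
    for label, (near, far) in (("before", before), ("after", after)):
        issues = round_trip(near, far, "10.123.10.100", "10.1.1.15")
        print(label, "->", issues or "request and reply both match the tunnel")
```

The access rules SSLVPN => VPN and VPN => SSLVPN are a separate check; this model covers only whether the tunnel on each end includes the SSLVPN client subnet.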