07-05-2021 12:00 AM
Hi,
we're trying to implement a new FTD 2120 in our network. It should replace an old ASA 5505 (same IP addresses).
We tried it last weekend; it worked so far, but we had trouble with the traffic coming from a separate VPN gateway in the DMZ to our proxy server in the DMZ.
From the proxy it was possible to ping the VPN client, but the VPN client wasn't able to reach the proxy. The access control policies were set to go through while we tried to find the issue. On the FTD you didn't get any hit counts. The VPN clients are able to reach all the servers in our network that could be reached without the proxy. I've painted a little sketch.
Any idea?
Best Regards
Michael
07-05-2021 05:21 AM
Make sure the proxy has a routing table.
07-06-2021 03:45 AM
Hi BB,
I think when it is possible to reach the VPN client via ping, then there is a route.
I've had a look at the proxy; there is a default route.
But the VPN client itself cannot make a connection to the proxy.
Best Regards
Michael