cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
905
Views
2
Helpful
14
Replies

Access to RA VPN web interface from internal

I cant access to RA VPN web interface from my internal network but from external interface everything works fine, do i need to create some nat rule or something else can you give me example?

1 Accepted Solution
14 Replies 14

@sherali mamatkarimov 

Enable SSL-VPN on the inside interface. Example (just replace the nameif if it is not INSIDE).

webvpn
enable INSIDE

Alternatively if you are using IKEv2/IPSec

crypto ikev2 enable INSIDE

 You can then connect to the inside IP address to establish an RAVPN.

Can i do this from FMC or where?

Share config let me check 

MHM

123.png

Here i enabled to access ra vpn from 2 outside networks

 

НщгНщ123.png

You mean this interface selection but i have tried to add inside interfaces, it doesn't work i have vlan inside interfaces

@sherali mamatkarimov on the FMC you have to specify the Zone the interface is a member of not the interface itself. Ensure your VLAN(s) are a member of a Zone and then add the Zone as a RAVPN Access Interfaces (as per screenshots above).

123.png231.png

As you said a have added inside vlan zone to access interface to RAVPN but i still can't web access. In web address i should write vlan interface gateway am i right? 

@sherali mamatkarimov yes, use the ip address of the vlan when connecting to the VPN.

Why even connect to the VPN from the inside network?

I just want to access to RA VPN web page to be able to download vpn client from inside network. I don't want to connect vpn from inside. i think i need some nat rule but i don't know how to do this

@sherali mamatkarimov you don't need a NAT rule if you enable SSL-VPN on the inside interface and you connect from inside the network to the inside VLAN interface IP address, as traffic does not go through the FTD then.

From a web browser the user just connects to the inside interface VLAN IP address, logins and downloads the client. FYI, if the user is on the outside they can also connect to the outside IP address and download the client as well.

Ok i understand this but anyway i cant access to web site how can i troubleshoot this?

Colsen899
Level 1
Level 1

Enabling SSL-VPN on the inside interface is a solid move for secure connections. Whether using webvpn or IKEv2/IPSec, connecting to the inside IP address ensures a reliable and protected RAVPN setup.