01-17-2011 11:08 AM
(in english at the end)
Hello,
I am trying to configure an SA520 here so that I can access it from outside via SSL VPN. I set up the SSL VPN server and SSL VPN client in the SA520 as described in the manual.
But I can only ever access the client from the server; I cannot access the server from the client. The router is connected to the internet on the WAN side via a DSL modem (PPPoE). The LAN has the range 192.168.168.0/24.
Here are the details:
SSL-VPN-Server:
->Portal Layouts: SSLVPN-Standard-default
->SSL-VPN Policies: Global, all resources
->Resources: IP-Network: 192.168.168.0/24, all Ports
No Portforwarding, want to have a fulltunnel
SSL-VPN-Client:
->Address Range begin: 192.168.75.200
->Address Range End: 192.168.75.205
->LCP Timeout: 60 sec
no split
User created as SSLVPN user.
When I now go to the website from outside (DDNS), I can log in, but I can only access the external client (192.168.75.201) from the server (i.e. the local LAN). I cannot access my local LAN (192.168.168.0/24) from the client.
What is wrong, and where? Did I enter addresses incorrectly, or is a route missing somewhere?
English:
Hi,
I'm trying to configure an SA520 so that I have access from the outside via SSL VPN. I set up the SA520 SSLVPN server and client as it is in the manual.
But I only have access from the server to the client; I cannot access the server from the client. The WAN port of the router is connected via a DSL modem to the internet (PPPoE). The LAN has the range 192.168.168.0/24.
Here are the details:
SSL VPN server:
-> Portal Layouts: SSLVPN standard default
-> SSL-VPN Policies: Global, all resources
-> Resources: IP-Network: 192.168.168.0/24, all ports
No port forwarding, want to have a full tunnel
SSL-VPN client:
-> Address range begin: 192.168.75.200
-> Address Range End: 192.168.75.205
-> LCP timeout: 60 sec
no split
User created as SSLVPN user.
When I log in now from outside on the website (DDNS) of my router, I can log in, but I can only see the client (192.168.75.201) from the server side (192.168.168.0/24). I cannot see the server (local LAN 192.168.168.0) from the client side (192.168.75.201).
What is wrong? Did I enter the addresses incorrectly? Is routing missing somewhere?
Thanks for help or tips.
Pasadena
02-01-2011 08:38 AM
Pasadena01,
I think what you are saying is that if you do a ping from the client, the echo request makes it to the server; however, the echo response from the server never makes it back to the client.
You may want to check the routing table on the server. Have you confirmed that it has either a default route pointed at the SA520 or a more specific route? You can check this by typing "netstat -rn" in a terminal window (DOS box/xterm window).
-Jay
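The routing-table check suggested in the reply above, as an added example that is not part of the original thread: it parses `netstat -rn` output from the LAN server and reports which route a reply to the VPN client 192.168.75.201 would take, using longest-prefix matching. The routing tables are constructed samples in Linux layout, and 192.168.168.1 as the SA520's LAN address and 192.168.168.254 as a second router are assumptions.

```python
import ipaddress

# Constructed `netstat -rn` output (Linux layout) from the LAN server.
# 192.168.168.1 as the SA520's LAN address is an assumption, not from the thread.
SA520_LAN = "192.168.168.1"
ONLINK_ONLY = """Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.168.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
"""
# Assumed second router (192.168.168.254) holding the default route.
OTHER_DEFAULT = ONLINK_ONLY + "0.0.0.0  192.168.168.254  0.0.0.0  UG  0 0  0 eth0\n"
SPECIFIC = OTHER_DEFAULT + "192.168.75.0  192.168.168.1  255.255.255.0  UG  0 0  0 eth0\n"


def parse_routes(text):
    """Return (network, gateway) pairs; header lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            mask = int(ipaddress.IPv4Address(fields[2]))
            net = ipaddress.ip_network(f"{fields[0]}/{bin(mask).count('1')}")
            routes.append((net, ipaddress.ip_address(fields[1])))
        except ValueError:
            continue  # not a route line
    return routes


def reply_path(text, client_ip, vpn_gateway=SA520_LAN):
    """Say where the server would send a reply addressed to client_ip."""
    dest = ipaddress.ip_address(client_ip)
    hits = [r for r in parse_routes(text) if dest in r[0]]
    if not hits:
        return "no route"
    net, gw = max(hits, key=lambda r: r[0].prefixlen)  # longest prefix wins
    if gw == ipaddress.ip_address(vpn_gateway):
        return f"via SA520 ({net})"
    return f"via {gw} ({net}), not the SA520"


if __name__ == "__main__":
    for name, table in [("on-link only", ONLINK_ONLY),
                        ("default via other router", OTHER_DEFAULT),
                        ("specific route added", SPECIFIC)]:
        print(f"{name}: {reply_path(table, '192.168.75.201')}")
```

Only the last table returns echo replies to the VPN client through the SA520; in the first two the server either has no route for 192.168.75.0/24 or hands the reply to a different gateway.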