SSL - VPN bidirectional ?

[THaala]

Hello Users,

after i can successfully establish SSL - VPN with Clavister on roaming PC's it might be useful to ask whether it is possible to
get access from company (inside) to the PC a SSL-VPN user is using.

Most of my colleagues are no network professionals. Often they need help while first time installation and in case i need to reach their PC with a remote desktop or VNC (in a manner like Teamviewer) to have a look to thier problems.

Currently a ping in the opposite direction doesn't work. Is it possible to enable access to SSL-VPN connected PC in the "wrong" way ?
if yes how ?

cheers,
Thaala

[Peter]

Hello.

You say that ping in the opposite direction does not work? How do your rule look like that allows that ping?

As far as i know you only need to allow traffic in the other direction in order to get it to work.

So if it looks like this now:

Code: Select all

Allow SSL-VPN SSL-Pool Lan Lannet Service=all

You need a second "reverse" rule to allow e.g. ICMP:

Code: Select all

Allow SSL-VPN SSL-Pool Lan Lannet Service=all
Allow Lan Lannet SSL-VPN SSL-Pool Service=ICMP

Best regards
/Peter

[THaala]

Hello Peter,

you are right. After i have allowed traffic you described - it works...

Thank you

[wahiba]

i did the VPN SSL config and got the remote client connected to the firewall, but no trafic passe through the vpn, notice that i allowed rules like mentionned above, do you have any remarques or recommandation please?

[Peter]

My recommendation would be to first check the logs in the Firewall, it should give you some clues as to what the problem could be. Connect with your VPN client, check with IP the client gets from the IP pool, then search for that IP in the logs. Or maybe search for a destination IP the client is trying to reach.

Best regards
/Peter