SSL - VPN bidirectional ?

Security Gateway Discussions
Post Reply
THaala
Posts: 28
Joined: 13 Jun 2008, 15:21

SSL - VPN bidirectional ?

Post by THaala » 11 Aug 2011, 11:04

Hello Users,

after i can successfully establish SSL - VPN with Clavister on roaming PC's it might be useful to ask whether it is possible to
get access from company (inside) to the PC a SSL-VPN user is using.

Most of my colleagues are no network professionals. Often they need help while first time installation and in case i need to reach their PC with a remote desktop or VNC (in a manner like Teamviewer) to have a look to thier problems.

Currently a ping in the opposite direction doesn't work. Is it possible to enable access to SSL-VPN connected PC in the "wrong" way ?
if yes how ?

cheers,
Thaala

Peter
Posts: 657
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: SSL - VPN bidirectional ?

Post by Peter » 15 Aug 2011, 13:48

Hello.

You say that ping in the opposite direction does not work? How do your rule look like that allows that ping?

As far as i know you only need to allow traffic in the other direction in order to get it to work.

So if it looks like this now:

Code: Select all

Allow SSL-VPN SSL-Pool Lan Lannet Service=all
You need a second "reverse" rule to allow e.g. ICMP:

Code: Select all

Allow SSL-VPN SSL-Pool Lan Lannet Service=all
Allow Lan Lannet SSL-VPN SSL-Pool Service=ICMP
Best regards
/Peter

THaala
Posts: 28
Joined: 13 Jun 2008, 15:21

Re: SSL - VPN bidirectional ?

Post by THaala » 22 Sep 2011, 09:00

Hello Peter,

you are right. After i have allowed traffic you described - it works...

Thank you

wahiba
Posts: 11
Joined: 14 May 2019, 11:48

Re: SSL - VPN bidirectional ?

Post by wahiba » 31 May 2019, 02:15

i did the VPN SSL config and got the remote client connected to the firewall, but no trafic passe through the vpn, notice that i allowed rules like mentionned above, do you have any remarques or recommandation please?

Peter
Posts: 657
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: SSL - VPN bidirectional ?

Post by Peter » 27 Jun 2019, 13:15

My recommendation would be to first check the logs in the Firewall, it should give you some clues as to what the problem could be. Connect with your VPN client, check with IP the client gets from the IP pool, then search for that IP in the logs. Or maybe search for a destination IP the client is trying to reach.

Best regards
/Peter

Post Reply