LAN‑Initiated Connections to Remote Access VPN Clients (Office Mode IP) Not Working

DominusRex23 — Wed, 29 Apr 2026 05:02:19 GMT

We are unable to establish LAN‑initiated connections to Remote Access VPN clients using Office Mode IPs. ICMP traffic from LAN to remote users is accepted and encrypted in the RemoteAccess community, but there is no reply from the remote users back to the LAN.

In SmartConsole we configured rules to allow traffic from the LAN server to the Office Mode IP pool, and logs confirm the traffic is encrypted and allowed. We also enabled “Enable Back Connections” in Global Properties, but the outcome remains the same. Disabling the internal firewall on the remote client did not resolve the issue.

Has anyone successfully configured LAN‑to‑Remote Access back connections? Is there a recommended Access Policy setup or directional match condition that allows LAN hosts to initiate traffic toward Office Mode clients while maintaining proper VPN enforcement?

Re: LAN‑Initiated Connections to Remote Access VPN Clients (Office Mode IP) Not Working

Chris_Atkinson — Wed, 29 Apr 2026 09:09:37 GMT

Have you accounted for things like the default automatic NAT that is applied to the office mode address pool object & anti-spoofing etc?

topic Re: LAN‑Initiated Connections to Remote Access VPN Clients (Office Mode IP) Not Working in SASE and Remote Access

LAN‑Initiated Connections to Remote Access VPN Clients (Office Mode IP) Not Working

Re: LAN‑Initiated Connections to Remote Access VPN Clients (Office Mode IP) Not Working