Create a Post
Showing results for 
Search instead for 
Did you mean: 

RAVPN Routing Issue

Hi Checkmates,

so currently my cust on cluster mode and  enable RAVPN. but i facing an issue when remote user connect vpn they are cant reach to internal network.

for office mode if we use x.x.x.x/24 do we need to add this segment for routing table on each gateway? or routing for office mode will automatically enable?

since user could connect to vpn i think there is no issue for vpn configuration, or do i need to check something in remote access config?

then, does users when they connect to vpn automatically get full tunnel config by default? or need to config manually for this?



0 Kudos
2 Replies

Yes, you need routing, its not automatic for RA. Also, verify output of route print on the client from cmd.

0 Kudos

Here are the few things you need to check while configuring the RA VPN:

++ IPSEC blade enabled.
++ GW object --> VPN client --> Office mode:
> Allow Office Mode to all users.
> Select the Manual Office Pool. If cluster then GW object --> Cluster Member --> Edit GW object --> VPN --> Check the Office Manual Office Mode.
++ GW object --> VPN client --> Remote Access --> Check Support Mode.
++ Ensure Gateway is added in the Remote Access community.
++ "All users*" should be allowed under the same Remote Access community.
++ Encryption domains should be defined then only you all access destination resources over RA VPN.

GW object --> Expand Network Management --> VPN domain --> Set specific domain for community --> Remote access and set the Network group.
++ Access which allows traffic from the Office Mode pool towards the destination which you want to access.

Basic T-shoot/Check:
++ Once the user has authenticated check "cmd> route print".
This output should show the destination IP route towards Office Mode IP, which destination IP traffic will go over the VPN towards the gateway.
++ Check Smart console logs for the same connection. It should be allowed on the access rule and under the same you can get an interface where this traffic is handled.
++ Usually you do not need any routing changes but ensure the gateway should be reached destination resources than on RAVPN client can access the resources.