tropicanaslim
Contributor

RAVPN Routing Issue

Hi Checkmates,

So currently my customer is in cluster mode with RAVPN enabled, but I am facing an issue: when remote users connect to the VPN, they can't reach the internal network.

For Office Mode, if we use x.x.x.x/24, do we need to add this segment to the routing table on each gateway? Or will routing for Office Mode be enabled automatically?

Since users can connect to the VPN, I think there is no issue with the VPN configuration, or do I need to check something in the remote access config?

Then, do users automatically get a full tunnel config by default when they connect to the VPN? Or does this need to be configured manually?

Thank you.

0 Kudos
2 Replies
the_rock
Legend

Yes, you need routing, it's not automatic for RA. Also, verify the output of route print on the client from cmd.

0 Kudos
girisht
Employee

Here are a few things you need to check while configuring the RA VPN:

Configuration:
++ IPSEC blade enabled.
++ GW object --> VPN client --> Office mode:
> Allow Office Mode to all users.
> Select the Manual Office Pool. If cluster then GW object --> Cluster Member --> Edit GW object --> VPN --> Check the Office Manual Office Mode.
++ GW object --> VPN client --> Remote Access --> Check Support Mode.
++ Ensure Gateway is added in the Remote Access community.
++ "All users*" should be allowed under the same Remote Access community.
++ Encryption domains should be defined; only then can you access destination resources over RA VPN.

GW object --> Expand Network Management --> VPN domain --> Set specific domain for community --> Remote access and set the Network group.
++ Access which allows traffic from the Office Mode pool towards the destination which you want to access.

Basic T-shoot/Check:
++ Once the user has authenticated check "cmd> route print".
This output should show the destination IP route towards Office Mode IP, which destination IP traffic will go over the VPN towards the gateway.
++ Check SmartConsole logs for the same connection. It should be allowed on the access rule and under the same you can get an interface where this traffic is handled.
++ Usually you do not need any routing changes, but ensure the gateway can reach the destination resources; only then can the RAVPN client access the resources.
