chethan_m
Collaborator

Corporate Access - Users to Data center (Network) Unsuccessful

Hi Everyone,

I am practicing Harmony Connect in my home lab and I have set up Harmony Connect for corporate access so that users can access the internal resources. I'm following the admin guide for deployment.

  1. Installed Ubuntu Server - Successful.
  2. Installed Docker Engine on the Ubuntu server - Successful.
  3. Created a data center on the Infinity Portal and copied the connector command - Successful.
  4. Installed the connector on the Docker Engine - Successful. -> Verified the IPsec VPN tunnels are successfully established between the cloud controller and the gateway (docker logs -f <connector-id> | grep -w tunnel) - Successful.
  5. Created a trusted user/device and installed the Harmony Connect client on the user machine - Successful.
  6. Both the secure network access and internet access are connected on the Harmony Connect App - Successful.
  7. Created the Network Access Control policies for (any source -> internal n/w) and installed the policy - Successful.
  8. Verified that the bypass network doesn't overlap the internal n/w in focus - Successful.
  9. Traffic is sent via the Harmony Connect virtual adapter towards its gateway on the Connect client application (verified in Wireshark) but the connection is not established, and I do not see any traffic on the connector side towards the destination (internal resource) either - Unsuccessful.

In my virtual environment, this is how the network is laid out:

Internet <--> VNET <interface1> Ubuntu Server Host/Docker [Connector] <interface2> <--> Ubuntu Web Server. 

Things I need to know are:

  1. Must the Docker host and the internal resources be on the same sub-network, or can they be on different networks?
  2. Should I point the gateway of my internal resources towards the Docker interface or not?

I will share any logs or screenshots if necessary.

Regards,

Chethan

4 Replies
Chris_Atkinson
Employee

The answer to both is no as far as I'm aware.

Different subnets can be used and the internal resources should not be using the docker/connector as their default gateway.

CCSM R77/R80/ELITE
chethan_m
Collaborator

Thanks for the information. 

My Clientless Corporate Application sites (HTTP & SSH) for the same destination are working without any problem. I'm facing an issue with Network Access only. I don't know which configuration I'm missing. Will update the same.
Andy_P
Employee

Hi.

1) Please check that you don't have the network in the bypass configuration for the HC agent.

Harmony Connect App > setting > Harmony Connect agent > Bypass destinations.

2) You should also have the traffic allowed in the Network Access policy.

3) Check that you have the proper connectivity mode for the HC agent.

4) Check that the network where the connector is connected and all other networks you plan to reach are included in the DC object.

If that doesn't help, please contact me.

chethan_m
Collaborator

Hi Andy,

Thanks for the reply.

The problem was not with our configuration. ICMP was working fine; we raised a TAC ticket and they had to change the MTU size on the Harmony Connect cloud gateways, which then resolved the issue.

Regards,

Chethan
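
A tunnel MTU problem of the kind that resolved this thread can leave default-size pings working while full-size packets are dropped. The script below is an added diagnostic example, not from the thread or from Check Point: it bisects the largest Don't-Fragment ICMP payload that reaches a host. It assumes a Linux host with iputils ping; the function names and the address in the comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses a path unfragmented.

# probe SIZE HOST -> success if a DF-bit ping with SIZE payload bytes is answered.
# Linux iputils ping: -M do sets Don't Fragment, -s sets the payload size.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# max_payload HOST [LOW] [HIGH] -> prints the largest payload that gets a reply.
# Returns 1 if even LOW fails (unreachable or ICMP filtered: not an MTU symptom).
max_payload() {
    local host="$1" lo="${2:-0}" hi="${3:-1472}" mid
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid            # this size fits, search upward
        else
            hi=$(( mid - 1 ))  # too big for the path, search downward
        fi
    done
    echo "$lo"
}

# path_mtu HOST -> payload + 20 bytes IPv4 header + 8 bytes ICMP header.
path_mtu() {
    local p
    p=$(max_payload "$1") || return 1
    echo $(( p + 28 ))
}

# Usage: sh pmtu.sh 10.0.0.10   (constructed internal address)
if [ -n "${1:-}" ]; then
    path_mtu "$1" || echo "no reply even to the smallest probe: $1" >&2
fi
```

A result well below 1500 toward a resource behind the connector, compared with a normal result toward a host outside the tunnel, points at the tunnel path rather than the access policy.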
