topic Re: SSL VPN Routing in General Topics

SSL VPN Routing

cenders — Wed, 02 May 2012 02:32:35 GMT

Client SSL VPN configuration is working from client to server. The client can ping the server no problem. The server however, can not ping the client. What am I missing? The routes on the server appear to be correct, and I'm confident the packets are getting to the firewall but being dropped. I can't see them in the logs though... which to me screams like a routing issue. Any quick tips? Off to break out the manual...

Re: SSL VPN Routing

akhan — Wed, 02 May 2012 03:22:40 GMT

Since the client can ping the server, this does not seem to be a routing issue. This could be a security policy issue. Do you have a security policy that allows pings from the server to the client? Also, try the following:

1. Start a continuous ping from the server to the client.

2. Open a CLI session to PAN and run the following:

> show session all filter source <server-ip> destination <client-ip>

You should see some ping sessions here. Are they in the ACTIVE state or DISCARD state? If you see sessions in ACTIVE state, try disabling the windows firewall on the client if not already disabled.

Thanks,

Ahsan

Re: SSL VPN Routing

cenders — Wed, 02 May 2012 14:04:47 GMT

Result from that CLI is "no session active"...

Re: SSL VPN Routing

cenders — Wed, 02 May 2012 16:25:21 GMT

ok, my bad... mixup in the policies. Was odd that I didn't see it dropping in the logs and such, but it is figured out now.