SSL VPN client is connected and authenticated but can't access internal LAN resources
10/14/2021 1,842 People found this article helpful 519,203 Views
Description
NetExtender / Mobile Connect client is connecting, it receives correct IP however it can't access internal resources (LAN).
Cause
The user/group may not have access to LAN subnets or to the resource you're looking for
OR
The SSLVPN IP Pool is in the same subnet as X0.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Group Membership Check and VPN Access Check
- Login to your SonicWall management page and click Device tab on top of the page.
- Navigate to Users | Local Users & Groups page, click Local Groups tab.
- Click Members tab and make sure SSLVPN Services group is added under Member Users and Groups.
- If it is not part of that group, add SSLVPN Services group under Member Users and Groups as below.
- Click VPN Access tab and make sure LAN Subnets is added under Access list.
- Check if the packets sent to or from the SSLVPN client are dropped as IP Spoof check failed module network. See following KB on how to configure and utilize the Packet Monitor feature for troubleshooting.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Group Membership check
- Login to your SonicWall management page and click Manage tab on top of the page.
- Navigate to Users | Local Users & Groups page, click Local Groups tab.
- Configure relevant user group to get Edit Group window.
- Click Members tab and make sure SSLVPN Services group is added under Member Users and Groups.
- If it is not part of that group, add SSLVPN Services group under Member Users and Groups as below.
- Group VPN Access check
- Login to your SonicWall management page and click Manage tab on top of the page.
- Navigate to Users | Local Users & Groups page, click Local Groups tab.
- Configure SSLVPN Services Group to get Edit Group window.
- Click VPN Access tab and make sure LAN Subnets is added under Access list.
- If it is not part of that group, add LAN Subnets under Access list as below.
TIP: On Gen6 devices the SSLVPN IP Pool used cannot overlap with any of the subnets used on the SonicWall.
How to Test:
Reconnect to SSL VPN using Net Extender.
Open a command line and try ping any device in LAN from a PC connected via NetExtender - you should receive a response.
If this does not fix your issue please reach out to our support team for additional assistance and let them know you used NetExtender 8.6.265 and the issue persists
There are two ways to contact technical support:
1. Online: Visit mysonicwall.com. Once logged in select Resources & Support | Support | Create Case.
2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.
If you do not have a mysonicwall.com account create one for free!
Related Articles
Categories
Was This Article Helpful?
YESNO