SSLVPN 接入进来获取不到网关地址

网卡显示是正常的，就是这样，不显示网关。

看下终端路由表情况

仔细检查呀

你没看到网卡设置成手工ip了吗？

sslvpn获取不到网关是正常的，他是将访问业务直接写到终端路由表内的，使用route print在cmd内可以查看

您好，当您在防火墙配置的SSLVPN成功接入后，无法获取到网关地址或无法互联互通时，可以按照以下步骤进行排查和解决：

1. 检查SSLVPN网关配置

网关IP地址和端口号：确保SSLVPN网关的IP地址和端口号配置正确。如果443端口与HTTPS端口冲突，可以修改为其他端口（如4433）。

[H3C] sslvpn gateway
[H3C-sslvpn-gateway-SSLVPNGW] ip address 222.1.1.100 port 4433
[H3C-sslvpn-gateway-SSLVPNGW] service enable
[H3C-sslvpn-gateway-SSLVPNGW] quit

2. 检查SSLVPN接口配置

SSLVPN接口IP地址：确保SSLVPN接口的IP地址配置正确，且不与内网网段冲突。

[H3C] interface SSLVPN-AC 1
[H3C-SSLVPN-AC1] ip address 10.10.10.1 255.255.255.0
[H3C-SSLVPN-AC1] quit

3. 检查地址池配置地址池：确保SSLVPN客户端地址池配置正确。

[H3C] sslvpn ip address-pool SSLPOOL 10.10.10.2 10.10.10.254

4. 检查ACL配置ACL规则：确保ACL规则允许SSLVPN用户访问内网资源。

[H3C] acl advanced 3999
[H3C-acl-ipv4-adv-3999] rule permit ip destination 192.168.10.0 0.0.0.255
[H3C-acl-ipv4-adv-3999] quit

5. 检查SSLVPN实例配置SSLVPN实例：确保SSLVPN实例配置正确，引用了正确的网关、接口、地址池和ACL规则。

[H3C] sslvpn context SSLVPN
[H3C-sslvpn-context-SSLVPN] gateway SSLVPNGW
[H3C-sslvpn-context-SSLVPN] ip-tunnel interface SSLVPN-AC1
[H3C-sslvpn-context-SSLVPN] ip-tunnel address-pool SSLPOOL mask 255.255.255.0
[H3C-sslvpn-context-SSLVPN] ip-tunnel dns-server primary 114.114.114.114
[H3C-sslvpn-context-SSLVPN] ip-route-list NEIWANG
[H3C-sslvpn-context-SSLVPN-route-list-NEIWANG] include 192.168.10.0 255.255.255.0
[H3C-sslvpn-context-SSLVPN] policy-group SSLVPNZIYUAN
[H3C-sslvpn-context-SSLVPN-policy-group-SSLVPNZIYUAN] filter ip-tunnel acl 3999
[H3C-sslvpn-context-SSLVPN-policy-group-SSLVPNZIYUAN] ip-tunnel access-route ip-route-list NEIWANG
[H3C-sslvpn-context-SSLVPN-policy-group-SSLVPNZIYUAN] quit
[H3C-sslvpn-context-SSLVPN] service enable
[H3C-sslvpn-context-SSLVPN] quit

6. 检查安全策略配置安全策略：确保安全策略允许SSLVPN流量通过。

[H3C] security-policy ip
[H3C-security-policy-ip] rule 5 name Untrst-Local
[H3C-security-policy-ip-5-Untrst-Local] action pass
[H3C-security-policy-ip-5-Untrst-Local] source-zone Untrust
[H3C-security-policy-ip-5-Untrst-Local] destination-zone Local
[H3C-security-policy-ip-5-Untrst-Local] service 4433
[H3C-security-policy-ip-5-Untrst-Local] quit
[H3C-security-policy-ip] rule 10 name SSLVPN-Trust
[H3C-security-policy-ip-10-SSLVPN-Trust] action pass
[H3C-security-policy-ip-10-SSLVPN-Trust] source-zone SSLVPN
[H3C-security-policy-ip-10-SSLVPN-Trust] destination-zone Trust
[H3C-security-policy-ip-10-SSLVPN-Trust] quit

7. 检查SSLVPN用户配置SSLVPN用户：确保SSLVPN用户配置正确，关联了正确的资源组。

[H3C] local-user user1 class network
[H3C-luser-network-user1] password simple user1
[H3C-luser-network-user1] service-type sslvpn
[H3C-luser-network-user1] authorization-attribute sslvpn-policy-group SSLVPNZIYUAN
[H3C-luser-network-user1] quit

是不获取的，如果获取的话，电脑会出现两条默认理由，有可能上网会走vpn出去了，反而有问题，vpn会给电脑下发静态路由。

互联不通，先检查电脑上的路由表：cmd上route print可以看到获取的静态路由，静态路由就是你配的ip-route-list xxx里面的那几条，如果你要访问的的网段的路由，检查防火墙的安全策略，有没有允许vpn网段访问特定网段