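After finishing the configuration, the VPN client can dial in normally and obtains an IP address, but it cannot ping the SSL VPN gateway or the intranet addresses.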
(0)
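Best answer
1. First go through the configuration again, especially whether the inter-zone policies permit the traffic.
2. Upgrade the iNode client to the latest version; some versions may have compatibility problems.
Download link: https://www.h3c.com/cn/Service/Document_Software/Software_Download/IP_Management/
Public account: yx800/01230123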
(0)
I uploaded an attachment, please take a look. After switching to the latest version, dialing in now fails instead.
nat address-group 1
 address 1.192.147.34 1.192.147.34
#
nat address-group 171
 address 171.8.6.154 171.8.6.154
#
object-group service 8000
 0 service tcp destination eq 8000
#
interface GigabitEthernet1/0/1
 port link-mode route
 description Internet
 ip address 171.8.6.154 255.255.255.0
 ip address 1.192.147.34 255.255.255.0 sub
 nat outbound 3000 address-group 1
 nat server protocol tcp global 171.8.6.154 83 inside 172.16.1.253 83
 nat server protocol tcp global 171.8.6.154 88 inside 172.16.1.253 80
 nat server protocol tcp global 171.8.6.154 554 inside 172.16.1.253 554
 nat server protocol tcp global 171.8.6.154 559 inside 172.16.1.253 559
 nat server protocol tcp global 171.8.6.154 655 inside 172.16.1.253 655
 nat server protocol tcp global 171.8.6.154 1935 inside 172.16.1.253 1935
 nat server protocol tcp global 171.8.6.154 4001 inside 172.16.1.253 4001
 nat server protocol tcp global 171.8.6.154 4433 inside 172.16.1.253 4433
 nat server protocol tcp global 171.8.6.154 5062 inside 172.16.1.253 5062
 nat server protocol tcp global 171.8.6.154 5100 5899 inside 172.16.1.253 5100 5899
 nat server protocol tcp global 171.8.6.154 6008 6009 inside 172.16.1.253 6008 6009
 nat server protocol tcp global 171.8.6.154 6304 inside 172.16.1.253 6304
 nat server protocol tcp global 171.8.6.154 6720 inside 172.16.1.253 6720
 nat server protocol tcp global 171.8.6.154 7018 inside 172.16.1.253 7018
 nat server protocol tcp global 171.8.6.154 7087 inside 172.16.1.253 7087
 nat server protocol tcp global 171.8.6.154 7099 inside 172.16.1.253 7099
 nat server protocol tcp global 171.8.6.154 7100 inside 172.16.1.253 7100
 nat server protocol tcp global 171.8.6.154 7302 inside 172.16.1.253 7302
 nat server protocol tcp global 171.8.6.154 7314 inside 172.16.1.253 7314
 nat server protocol tcp global 171.8.6.154 7660 inside 172.16.1.253 7660
 nat server protocol tcp global 171.8.6.154 7661 inside 172.16.1.253 7661
 nat server protocol tcp global 171.8.6.154 8001 inside 172.16.1.253 8001
 nat server protocol tcp global 171.8.6.154 8030 inside 172.16.1.253 8030
 nat server protocol tcp global 171.8.6.154 8064 inside 172.16.1.253 8064
 nat server protocol tcp global 171.8.6.154 8173 inside 172.16.1.253 8173
 nat server protocol tcp global 171.8.6.154 8601 8603 inside 172.16.1.253 8601
 nat server protocol tcp global 171.8.6.154 15000 16999 inside 172.16.1.253 15000 16999
 nat server protocol tcp global 171.8.6.154 17000 inside 172.16.1.253 17000
 nat server protocol tcp global 171.8.6.154 20000 21999 inside 172.16.1.253 20000 21999
 nat server protocol udp global 171.8.6.154 123 inside 172.16.1.253 123
 nat server protocol udp global 171.8.6.154 4433 inside 172.16.1.253 4433
 nat server protocol udp global 171.8.6.154 5060 inside 172.16.1.253 5060
 nat server protocol udp global 171.8.6.154 5100 5899 inside 172.16.1.253 5100 5899
 nat server protocol udp global 171.8.6.154 7100 inside 172.16.1.253 7100
 nat server protocol udp global 171.8.6.154 7110 inside 172.16.1.253 7110
 nat server protocol udp global 171.8.6.154 7660 inside 172.16.1.253 7660
 nat server protocol udp global 171.8.6.154 7661 inside 172.16.1.253 7661
 nat server protocol udp global 171.8.6.154 15000 16999 inside 172.16.1.253 15000 16999
 nat server protocol udp global 171.8.6.154 20000 21999 inside 172.16.1.253 20000 21999
 undo dhcp select server
#
interface GigabitEthernet1/0/14
 port link-mode route
 description NeiWang
 ip address 172.16.1.254 255.255.255.0
#
interface SSLVPN-AC0
 ip address 172.16.2.1 255.255.255.0
#
object-policy ip Any-Any
 rule 0 pass
#
object-policy ip Local-SSLVPN
 rule 0 pass
#
object-policy ip Local-Untrust
 rule 0 pass
#
object-policy ip SSLVPN-Local
 rule 0 pass
#
object-policy ip SSLVPN-Trust
 rule 0 pass
#
object-policy ip Trust-SSLVPN
 rule 0 pass
#
object-policy ip Untrust-Local
 rule 0 pass
#
security-zone name Local
#
security-zone name Trust
 import interface GigabitEthernet1/0/14
#
security-zone name DMZ
#
security-zone name Untrust
 import interface GigabitEthernet1/0/1
#
security-zone name Management
 import interface GigabitEthernet1/0/0
#
security-zone name SSLVPN
 import interface SSLVPN-AC0
#
zone-pair security source Any destination Any
 object-policy apply ip Any-Any
#
zone-pair security source Local destination SSLVPN
 object-policy apply ip Local-SSLVPN
#
zone-pair security source Local destination Untrust
 object-policy apply ip Local-Untrust
#
zone-pair security source SSLVPN destination Local
 object-policy apply ip SSLVPN-Local
#
zone-pair security source SSLVPN destination Trust
 object-policy apply ip SSLVPN-Trust
#
zone-pair security source Trust destination SSLVPN
 object-policy apply ip Trust-SSLVPN
#
zone-pair security source Untrust destination Local
 object-policy apply ip Untrust-Local
#
 ip route-static 0.0.0.0 0 1.192.147.1
 ip route-static 0.0.0.0 0 171.8.6.1
#
acl advanced 3000
 rule 5 permit ip source 172.16.1.0 0.0.0.255
#
acl advanced 3999
 rule 0 permit ip destination 172.16.1.0 0.0.0.255
#
local-user user1 class network
 password cipher $c$3$qVAuaoYW/PyeUap5uT0wUj2fdzDZsYpz
 service-type sslvpn
 authorization-attribute user-role network-operator
 authorization-attribute sslvpn-policy-group SSLVPNZIYUAN
#
sslvpn ip address-pool ssvpn 172.16.2.2 172.16.2.254
#
sslvpn gateway vpngat
 ip address 171.8.6.154 port 8000
 service enable
#
sslvpn context sslvpn
 gateway vpngat
 ip-tunnel interface SSLVPN-AC0
 ip-tunnel address-pool ssvpn mask 255.255.255.0
 ip-tunnel dns-server primary 114.114.114.144
 port-forward 8001
 port-forward 8080
 ip-route-list neiwang
  include 172.16.1.0 255.255.255.0
 policy-group SSLVPNZIYUAN
  filter ip-tunnel 3999
  ip-tunnel access-route ip-route-list neiwang
 service enable
#
It's working now, thanks. It was a version problem, thank you.
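1. You can confirm whether you can telnet to the gateway port.
2. Check whether the SSL VPN gateway function is enabled on the peer.
3. Check whether the SSL VPN gateway function is enabled on the peer.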
(0)
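Everything is normal on the client, and it gets an IP address normally; it just can't ping the intranet IP.
The gateway is fine; otherwise dialing in wouldn't succeed either, would it?
Everything is normal on the client, and it gets an IP address normally; it just can't ping the intranet IP.
After switching to the latest version, I can't dial in at all.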
(0)
The new iNode version supports TLS 1.2. You can check which TLS version is in use on the firewall side.
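The first check in the best answer (whether the inter-zone policies permit the traffic) can be run mechanically against a saved configuration. The following is an added example, not code from the thread or from H3C; the function names are hypothetical and the sample configuration is constructed in the syntax of the one posted above.

```python
import re

# Constructed sample: the Local -> SSLVPN zone pair is deliberately left out.
SAMPLE = """\
object-policy ip SSLVPN-Trust
 rule 0 pass
#
object-policy ip Trust-SSLVPN
 rule 0 pass
#
object-policy ip SSLVPN-Local
 rule 0 pass
#
zone-pair security source SSLVPN destination Trust
 object-policy apply ip SSLVPN-Trust
#
zone-pair security source Trust destination SSLVPN
 object-policy apply ip Trust-SSLVPN
#
zone-pair security source SSLVPN destination Local
 object-policy apply ip SSLVPN-Local
#
"""

def stanzas(cfg):
    """Split the config on '#' separator lines into (header, sub-commands)."""
    for block in re.split(r"^#\s*$", cfg, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            yield lines[0], lines[1:]

def missing_zone_pairs(cfg, vpn_zone="SSLVPN", peers=("Trust", "Local")):
    """Return (source, destination) pairs lacking an applied policy with a pass rule.
    Simplification (assumption): any 'rule N pass' counts; Any-to-Any is ignored."""
    passing, applied = set(), {}
    for head, body in stanzas(cfg):
        m = re.fullmatch(r"object-policy ip (\S+)", head)
        if m and any(re.match(r"rule \d+ pass\b", b) for b in body):
            passing.add(m.group(1))
        m = re.fullmatch(r"zone-pair security source (\S+) destination (\S+)", head)
        if m:
            for b in body:
                p = re.fullmatch(r"object-policy apply ip (\S+)", b)
                if p:
                    applied[m.groups()] = p.group(1)
    wanted = [(vpn_zone, z) for z in peers] + [(z, vpn_zone) for z in peers]
    return [zp for zp in wanted if applied.get(zp) not in passing]
```

The configuration posted in the thread defines all four of these pairs with `rule 0 pass`, so this check returns an empty list for it, which is consistent with the problem turning out to be the client version.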