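iNode can now dial in to the SSL VPN normally, but it can only communicate with the SSLVPN-AC 1 gateway address. It cannot access intranet resources, and from the firewall side the address 192.168.123.1 cannot be reached; only the gateway address ending in 254 can be reached.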
#
interface Route-Aggregation1.403
description FOR-SSLVPN
ip address 116.148.180.126 255.255.255.252
vlan-type dot1q vid 403
#
interface SSLVPN-AC1
ip address 192.168.123.254 255.255.255.0
#
security-zone name Untrust
import interface Route-Aggregation1.403
import interface SSLVPN-AC 1
#
#
sslvpn ip address-pool SSLVPN-POOL 192.168.123.1 192.168.123.10
#
sslvpn gateway ssl_gatway
ip address 116.148.180.126 port 6443
service enable
#
sslvpn context sslvpn
gateway ssl_gatway domain domainip
ip-tunnel interface SSLVPN-AC1
ip-tunnel address-pool SSLVPN-POOL mask 255.255.255.0
ip-tunnel dns-server primary 114.114.114.114
ip-tunnel dns-server secondary 8.8.8.8
web-access ip-client auto-activate
ip-route-list rlist
include 5.24.1.0 255.255.255.128
include 116.148.180.0 255.255.255.128
policy-group nbcdn-any
ip-tunnel access-route ip-route-list rlist
ip-tunnel address-pool SSLVPN-POOL mask 255.255.255.0
verify-code enable
log user-login enable
log resource-access enable
force-logout max-onlines enable
service enable
#
object-group ip address ssl_vpn_user
0 network subnet 192.168.123.0 255.255.255.0
#
security-policy ip
rule 500 name SSLVPN_to_Trust
action pass
source-ip ssl_vpn_user
destination-zone Trust
#
rule 501 name Trust_to_SSLVPN
action pass
source-zone Trust
destination-ip ssl_vpn_user
#
Best answer
Hello, check whether the resource group authorized for SSL is correct.
The PC has the route.
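One way to carry out the check suggested in the answer, as an added example that is not part of the original thread: it parses the `ip-route-list` that the policy group references in the posted context and reports whether a given destination is covered by the routes pushed to the client. The function names and the probe addresses are constructed for this example, and only the `ip-route-list` form of `ip-tunnel access-route` shown in the question is handled.

```python
import ipaddress

# Excerpt of the sslvpn context posted in the question (the page lost indentation).
CONFIG = """\
sslvpn context sslvpn
ip-route-list rlist
include 5.24.1.0 255.255.255.128
include 116.148.180.0 255.255.255.128
policy-group nbcdn-any
ip-tunnel access-route ip-route-list rlist
"""

def parse_route_lists(text):
    """Map each ip-route-list name to the networks on its 'include' lines."""
    lists, current = {}, None
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) == 2 and tok[0] == "ip-route-list":
            current = lists.setdefault(tok[1], [])
        elif len(tok) == 3 and tok[0] == "include" and current is not None:
            current.append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False))
        else:
            current = None  # any other command ends the route-list view
    return lists

def parse_policy_groups(text):
    """Map each policy-group name to the ip-route-list it references."""
    groups, current = {}, None
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) == 2 and tok[0] == "policy-group":
            current = tok[1]
        elif tok[:3] == ["ip-tunnel", "access-route", "ip-route-list"] and len(tok) == 4:
            if current is not None:
                groups[current] = tok[3]
    return groups

def covering_routes(text, group, dest):
    """Return the prefixes pushed to users of 'group' that contain 'dest'."""
    name = parse_policy_groups(text).get(group)
    addr = ipaddress.ip_address(dest)
    return [str(n) for n in parse_route_lists(text).get(name, []) if addr in n]

if __name__ == "__main__":
    # Probe addresses are constructed for the example, not taken from the thread.
    for dest in ("5.24.1.10", "5.24.1.200", "10.0.0.5"):
        hits = covering_routes(CONFIG, "nbcdn-any", dest)
        print(dest, "->", hits or "no access route; traffic stays off the tunnel")
```
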