Why can't I access the SSL VPN from a different network? I can ping the firewall's WAN IP from another segment.
#
# Vlanif1 (alias VLAN-Default, 192.168.1.1/24) is added to the custom "Mgmt" zone later in this configuration.
# NOTE(review): http and telnet management are permitted here next to https and ssh. Both send
# credentials in cleartext; confirm they are still required, otherwise keep only https and ssh.
Interface Vlanif1
ip address 192.168.1.1 255.255.255.0
alias VLAN-Default
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage ssh permit
service-manage telnet permit
#
# GigabitEthernet1/0/3 (alias Global-VPN, 1.1.1.1/24) is the interface the SSL VPN virtual gateway
# is bound to, and it is a member of the untrust zone (both visible later in this configuration).
# NOTE(review): "service-manage ping permit" is why a ping to this address succeeds; it only shows
# ICMP reachability and says nothing about whether HTTPS to the virtual gateway gets through.
# NOTE(review): service-manage controls management access to the firewall itself; confirm that
# permitting https management on an untrust-zone interface is intended.
# NOTE(review): the DHCP range 1.1.1.1-1.1.1.3 starts at this interface's own address and the
# interface is outward-facing; verify that serving DHCP here is deliberate.
interface GigabitEthernet1/0/3
undo shutdown
ip address 1.1.1.1 255.255.255.0
alias Global-VPN
service-manage https permit
service-manage ping permit
dhcp select interface
dhcp server ip-range 1.1.1.1 1.1.1.3
dhcp server gateway-list 1.1.1.1
#
# GigabitEthernet1/0/4 (alias VPN, 10.2.2.1/24) is a member of the trust zone; only ping is
# permitted as a management service.
# NOTE(review): the SSL VPN network-extension pool (10.2.2.2-10.2.2.10) and manual route
# (10.2.2.0/24) configured in the v-gateway section fall inside this directly connected subnet.
# Confirm the overlap is intended; a dedicated, non-overlapping client pool avoids address
# conflicts with hosts on this segment.
interface GigabitEthernet1/0/4
undo shutdown
ip address 10.2.2.1 255.255.255.0
alias VPN
service-manage ping permit
#
# Security zones and their interface membership. Priorities as configured: local 100, trust 85,
# dmz 50, untrust 5, Mgmt 2.
# GigabitEthernet1/0/3 (the SSL VPN gateway interface) is in untrust; GigabitEthernet1/0/4
# (10.2.2.1/24) is in trust. The dmz zone has no interfaces in this listing.
# NOTE(review): the auth-policy and NAT rules later reference a zone named "Users" that is not
# defined in the part of the configuration shown here; the paste may be incomplete.
# NOTE(review): the custom Mgmt zone has priority 2, below untrust (5). Confirm that ordering is
# intended for a management segment.
firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/4
add interface GigabitEthernet1/0/7
add interface GigabitEthernet1/0/6
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
add interface GigabitEthernet1/0/3
add interface GigabitEthernet1/0/5
#
firewall zone dmz
set priority 50
#
firewall zone name Mgmt id 7
set priority 2
add interface Vlanif1
#
# Static routing, SSH server, MAC binding and the binding of the SSL VPN virtual gateway.
# NOTE(review): the only static route shown is 192.168.10.0/24 via 1.1.1.2 out GigabitEthernet1/0/3
# (preference 253). No default route appears in this listing, so replies to SSL VPN clients on any
# other remote network would have no return path unless a route exists elsewhere. This is a likely
# place to look when the gateway answers one segment but not another; check the routing table.
# "stelnet server enable" turns on the SSH (STelnet) server.
# The virtual gateway named "firewall" is bound to GigabitEthernet1/0/3 with the "private" keyword
# (presumably an exclusive gateway; confirm against the product documentation).
ip route-static 192.168.10.0 255.255.255.0 GigabitEthernet1/0/3 1.1.1.2 preference 253
#
stelnet server enable
#
firewall mac-binding 192.168.200.123 028c-4426-62cc vid 2
#
v-gateway firewall interface GigabitEthernet1/0/3 private
v-gateway firewall alias firewall
#
#
# Console and VTY (remote CLI) lines: up to 8 VTY sessions, AAA authentication on con 0 and vty 0-7.
# NOTE(review): ACL 2000 restricts inbound sessions on vty 0-4 only, and ACL 2000 itself is not
# shown in this listing. vty 5-7 carry no inbound ACL; apply the same source restriction there so
# all remote CLI lines are limited to the same management sources.
# NOTE(review): no inbound protocol restriction is visible on these lines while telnet management
# is permitted on Vlanif1; confirm whether the VTY lines should accept SSH only.
# No settings are shown under vty 16 20.
user-interface maximum-vty 8
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
acl 2000 inbound
authentication-mode aaa
user-interface vty 5 7
authentication-mode aaa
user-interface vty 16 20
# SSL VPN virtual gateway "firewall": basic TLS settings, web-proxy and network-extension
# services, certificate/security options and role bindings.
# NOTE(review): "ssl version" enables TLS 1.0 and 1.1 together with 1.2. Both older versions are
# formally deprecated (RFC 8996); restrict the gateway to tlsv12 unless a legacy client needs them.
# NOTE(review): the custom cipher list names aes256-sha and aes128-sha, which are CBC suites with a
# SHA-1 MAC. The "non-..." entries presumably mark DES/3DES/RC4 suites as excluded; verify against
# the product documentation and prefer stronger suites if the platform offers them.
# NOTE(review): the web-link resource "webmail" is reached over plain http at 10.2.2.10, and
# 10.2.2.10 is also the last address of the network-extension pool (10.2.2.2-10.2.2.10). A client
# could be assigned the server's address; move the pool to a range with no real hosts in it.
# NOTE(review): "policy-default-action permit vt-src-ip" sets a permit default and
# "cert-anonymous filter-policy permit-all" accepts all certificates for that filter (exact scope
# to be confirmed in the documentation). Default-permit settings on a remote-access gateway are
# worth replacing with explicit allow rules.
# NOTE(review): role "default" matches "condition all" and grants both network-extension and
# web-proxy, so every authenticated user gets tunnel access; role "direktur" adds the webmail
# resource. Confirm this is the intended least-privilege split.
# The units of "ssl timeout 5" and "ssl lifecycle 1440" are not stated in this listing.
#****BEGIN***firewall**1****#
v-gateway firewall
basic
dns-server 202.137.3.110 202.137.3.111
ssl version tlsv10 tlsv11 tlsv12
ssl timeout 5
ssl lifecycle 1440
ssl ciphersuit custom aes256-sha non-des-cbc3-sha non-rc4-sha non-rc4-md5 aes128-sha non-des-cbc-sha
service
web-proxy enable
web-proxy web-link enable
web-proxy link-resource webmail http://10.2.2.10 show-link
network-extension enable
network-extension keep-alive enable
network-extension keep-alive interval 120
network-extension netpool 10.2.2.2 10.2.2.10 255.255.255.0
netpool 10.2.2.2 default
network-extension mode manual
network-extension manual-route 10.2.2.0 255.255.255.0
security
policy-default-action permit vt-src-ip
certification cert-anonymous cert-field user-filter subject cn group-filter subject cn
certification cert-anonymous filter-policy permit-all
certification cert-challenge cert-field user-filter subject cn
certification user-cert-filter key-usage any
undo public-user enable
hostchecker
cachecleaner
role
role default condition all
role default network-extension enable
role default web-proxy enable
role direktur condition all
role direktur web-proxy resource webmail
#****END****#
#
# Stanzas with no site-specific settings in this listing: right-manager server group,
# agile-network, and device classification with three device groups.
right-manager server-group
#
agile-network
#
device-classification
device-group pc
device-group mobile-terminal
device-group undefined-group
#
# Security policy rules for the SSL VPN.
# policy_sslvpn_1 permits HTTPS to the local zone with no source zone or address, so it matches
# HTTPS to the firewall from every zone.
# NOTE(review): narrow it to "source-zone untrust" and the gateway address (1.1.1.1) so the rule
# covers only SSL VPN logins, not HTTPS to the device on every interface.
# policy_sslvpn_2 and policy_sslvpn_3 permit local -> untrust traffic to 10.2.2.0/24.
# NOTE(review): 10.2.2.1/24 sits on GigabitEthernet1/0/4, which is in the trust zone, so the
# "destination-zone untrust" in these two rules does not match where that subnet is attached.
# Confirm which zone the VPN client and resource traffic actually traverses.
# NOTE(review): policy_sslvpn_3 matches a subset of policy_sslvpn_2 with the same action; if rules
# are evaluated in order it never changes the outcome, and its user-group condition has no effect.
# No rule is shown for traffic between VPN clients and the trust zone.
security-policy
rule name policy_sslvpn_1
destination-zone local
service https
action permit
rule name policy_sslvpn_2
source-zone local
destination-zone untrust
destination-address 10.2.2.0 mask 255.255.255.0
action permit
rule name policy_sslvpn_3
source-zone local
destination-zone untrust
source-address 10.2.2.0 mask 255.255.255.0
destination-address 10.2.2.0 mask 255.255.255.0
user user-group /default/direktur
action permit
#
# Authentication policy for traffic from zone "Users" to untrust: sources in address-set
# addr_bypass are exempt from authentication, everything else must authenticate.
# NOTE(review): neither the "Users" zone nor the addr_bypass address-set is defined in this
# listing. Review the contents of addr_bypass periodically, since every entry skips user
# authentication.
auth-policy
rule name authpolUsersAllowed
source-zone Users
destination-zone untrust
source-address address-set addr_bypass
action exempt-auth
rule name authpolUsers
source-zone Users
destination-zone untrust
action auth
#
# An empty policy-based-route stanza followed by three source-NAT (easy-ip) rules.
# NOTE(review): the rules use "action nat easy-ip" but no nat-policy header line appears above
# them; a line was probably lost when the configuration was pasted.
# NOTE(review): NATtoGlobal and Trust have identical match conditions (trust -> untrust) and the
# same action, so the second is redundant as shown.
# NATtoMgmt translates traffic from zone "Users" (not defined in this listing) into the Mgmt zone;
# confirm that user traffic is meant to reach the management segment at all.
policy-based-route
#
rule name NATtoMgmt
source-zone Users
destination-zone Mgmt
action nat easy-ip
rule name NATtoGlobal
source-zone trust
destination-zone untrust
action nat easy-ip
rule name Trust
source-zone trust
destination-zone untrust
action nat easy-ip
#
# Remaining policy stanzas. Only dns-transparent-policy carries settings: DNS transparent proxy is
# enabled, with servers 202.137.3.110 / 202.137.3.111 bound to GigabitEthernet1/0/0 (an untrust
# interface whose own configuration is not shown in this listing).
# proxy-policy, quota-policy, pcp-policy, rightm-policy and sms are empty here.
proxy-policy
#
quota-policy
#
pcp-policy
#
dns-transparent-policy
dns transparent-proxy enable
dns server bind interface GigabitEthernet1/0/0 preferred 202.137.3.110 alternate 202.137.3.111
mode based-on-multi-interface
#
rightm-policy
#
sms
#
return
[curren]