Route-based connection
To configure interconnection with a route-based IPsec VPN - web-based manager:
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Enter the following information and select OK.
Incoming Interface | Select the virtual SSL VPN interface (ssl.root, for example). |
Source Address | Select the firewall address that represents the IP address range assigned to SSL VPN clients. |
Outgoing Interface | Select the virtual IPsec interface for your IPsec VPN. |
Destination Address | Select the address of the IPsec VPN remote protected subnet. |
Action | Select ACCEPT. |
Enable NAT | Enable. |
To configure interconnection with a route-based IPsec VPN - CLI:
If, for example, you want to enable SSL VPN users to connect to the private network (address name OfficeAnet) through the toOfficeA IPsec VPN, you would enter:
config firewall policy
edit 0
set srcintf ssl.root
set dstintf toOfficeA
set srcaddr SSL_tunnel_users
set dstaddr OfficeAnet
set action accept
set nat enable
set schedule always
set service ALL
end
See Also