An Internet User Cannot Access Intranet Resources After the Network Extension Service Is Enabled

An Internet user cannot access intranet resources after the network extension service is enabled on a FW.

Cause 1: The virtual network adapter on the user's PC failed to obtain a virtual IP address.

Cause 2: The virtual IP address conflicts with the FW's interface address, intranet server address, or DHCP address pool.

Cause 3: The route between the FW and the intranet server was unreachable.

Cause 4: An accessible private network segment was not configured or configured incorrectly.

Cause 5: Security policies were configured incorrectly.

• Cause 1: The virtual network adapter on the user's PC failed to obtain a virtual IP address.

  • The virtual IP address to be assigned by the SSL VPN gateway conflicts with IP addresses used on the FW. As a result, the virtual IP address fails to be assigned.

    In the navigation tree of the FW, choose Network > SSL VPN > SSL VPN and click the Network Extension tab. In the displayed page, verify that IP addresses in Available IP Address Range for the SSL VPN gateway do not conflict with the IP address of the SSL VPN gateway or the IP address of the intranet interface on the FW.

  • Virtual IP addresses are used up.

    In the navigation tree, choose Network > SSL VPN > SSL VPN and click the Network Extension tab. In the displayed page, expand the Available IP Address Range.

• Cause 2: The virtual IP address conflicts with the FW's interface address, intranet server address, or DHCP address pool.

  The virtual IP address can be in any network segment but should not conflict with the IP addresses in Available IP Address Range of the SSL VPN gateway, FW's interface address, intranet server address, or DHCP address pool.

• Cause 3: The route between the FW and the intranet server was unreachable.
  1. Log in to the Web UI for the FW as the system administrator. In the navigation tree, choose Monitor > Diagnosis Center.
  2. Click the Ping icon. In Host Name or IP Address, enter the intranet server IP address.

  3. Click Ping to check the network connectivity.

     If the IP address cannot be pinged, the network between the SSL VPN gateway and the intranet server is faulty. Verify the connections between the SSL VPN gateway and intranet server and the routing configurations.

• Cause 4: An accessible private network segment was not configured or configured incorrectly.
  1. Log in to the Web UI for the FW as the system administrator. In the navigation tree, choose Network > SSL VPN > SSL VPN.
  2. Click the Network Extension tab.
  3. In Accessible Private Network Segment List, verify that the intranet resources that the user wants to access are configured correctly.

• Cause 5: Security policies were configured incorrectly.
  1. Log in to the Web UI for the FW as the system administrator. In the navigation tree, choose Policy > Security Policy > Security Policy.
  2. In the displayed page, check the security policy configuration. If there is a security policy that disables the user from using the network extension resource, change this security policy.