I need to permit inbound connections to all my VPN clients connected to a MAG 4610 from a server on my internal network. E.g., my server should connect to port 22 of my clients when they are connected to the VPN. Ping responds fine, but I can't connect to them.
How can I do this?
The SA firewall is not stateful. You need to create a VPN Tunneling Access Control policy to allow outbound packets to flow.
Three things you need to look at:
1. On the VPN server - VPN Tunneling Access Control. Look for policies that permit access to only intranet IPs.
2. On the internal firewall between the VPN server and the intranet (if one exists). Look for policies that allow access from VPN range to intranet range but not the reverse.
3. On the client. Look for a local firewall turned on by default or as part of Host Checker remediation.