cancel
Showing results for 
Search instead for 
Did you mean: 

SSLVPN over SSLVPN

Occasional Contributor

SSLVPN over SSLVPN

Hi

Is it possible to run an SSL Netconnect VPN over another Netconnect VPN.

I.e. Connect to Site1 SSLVPN -> LAN -> Connect to Site2 SSLVPN -> Client LAN

Site2's SSL VPN appliance cannot be accessible from the internet hence why you need to connect to Site1 first.

I have done some initial testing and it looks like you cannot.

When I try to fire off the second Netconnect session i get the following error:

'An NC Tunnel is already configured on this client. Please terminate the existing session'

nc.windows.app24043

Any ideas?

Thanks

Stu

5 REPLIES 5
New Contributor

Re: SSLVPN over SSLVPN

don't believe this is supported as you noted as the 2nd netconnect will detect that netconnect is already up and running

Contributor

Re: SSLVPN over SSLVPN

Unfortunately, this is not supported/possible.

The only way I know to work around that limitation is by setting up a VMWare image running in NAT mode:

- The VM host machine is running NC1 to Site1

- The VMWare guest is running NC2 to Site2

Not sure this is acceptable for you but it;s the only way I can think of.

Frequent Contributor

Re: SSLVPN over SSLVPN

The limitation is that you cannot have multiple copies of Network Connect / WSAM / JSAM running on a PC at once... but if you mix them you can accomplish this.

So if I'm understanding your configuration right, it sounds like you're trying to use Network Connect for both connections and that's your problem. If instead you used WSAM on Site1 and gave it access to connect to Site2, then you theoretically could have Site2 launch Network Connect and be fine. I'd imagine that this would be pretty slow, though, as you're forcing your traffic through 2 SSL tunnels, but it should work. I have a vendor that does the reverse with us (their techs work remotely, so they connect to the vendor SSL VPN through Network Connect, then they connect to my SSL VPN via WSAM)

Frequent Contributor

Re: SSLVPN over SSLVPN

Could you configure a VPN connection to your firewall then hit the 2nd SSL VPN?

Another question, why do you have users hitting an SSL VPN when they are already on the LAN? Is it only for SSL encryption between workstation and destination server?

New Contributor

Re: SSLVPN over SSLVPN

I run into the same problem

what we are thinking about is to :

juniper ssl vpn over F5 ssl vpn

does it work?