Is it possible to run an SSL Netconnect VPN over another Netconnect VPN?
I.e. Connect to Site1 SSLVPN -> LAN -> Connect to Site2 SSLVPN -> Client LAN
Site2's SSL VPN appliance cannot be accessible from the internet hence why you need to connect to Site1 first.
I have done some initial testing and it looks like you cannot.
When I try to fire off the second Netconnect session I get the following error:
'An NC Tunnel is already configured on this client. Please terminate the existing session'
Unfortunately, this is not supported/possible.
The only way I know to work around that limitation is by setting up a VMWare image running in NAT mode:
- The VM host machine is running NC1 to Site1
- The VMWare guest is running NC2 to Site2
Not sure this is acceptable for you but it's the only way I can think of.
The limitation is that you cannot have multiple copies of Network Connect / WSAM / JSAM running on a PC at once... but if you mix them you can accomplish this.
So if I'm understanding your configuration right, it sounds like you're trying to use Network Connect for both connections and that's your problem. If instead you used WSAM on Site1 and gave it access to connect to Site2, then you theoretically could have Site2 launch Network Connect and be fine. I'd imagine that this would be pretty slow, though, as you're forcing your traffic through 2 SSL tunnels, but it should work. I have a vendor that does the reverse with us (their techs work remotely, so they connect to the vendor SSL VPN through Network Connect, then they connect to my SSL VPN via WSAM).
Could you configure a VPN connection to your firewall then hit the 2nd SSL VPN?
Another question, why do you have users hitting an SSL VPN when they are already on the LAN? Is it only for SSL encryption between workstation and destination server?