Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Unable to access the SA from the Internet

StefanP_
New Contributor
‎12-19-2011 12:01:AM
‎12-19-2011 12:01:AM

Unable to access the SA from the Internet

Hi all,

I have a problem getting the my SA's visible from the Internet.

I have two SA2500's in a active/passive configuration. The external interfaces are connected to a firewall and the internal interfaces are connected to the local LAN.

I have both the external and the internal interfaces set up with VIP-addresses (as well as individual addresses for each port). The firewall allows https-traffic the the external VIP-address and the firewall also NAT's the external VIP-address.

Now, when I try to connect to the address the firewall translates to I don't get any response what so ever. I have checked the routing-settings and so on on the SA's. I'm quite lost what to check next actually, and I hope you guys can help me.

If you need any more information just let me know and I will provide as much as I can.

Thanks in advance!

Regards,

Stefan

0 Kudos
4 REPLIES 4
firewall72_
Frequent Contributor
‎05-04-2008 05:48:AM
‎05-04-2008 05:48:AM

Re: Unable to access the SA from the Internet

Hi,

I would check "User Port" under Network, External Port.  Make sure it's enabled.  I would also check your rotuing by going to Network, Routes (Internal/External drop down).  Try pinging your gateways from the SA using Troubleshooting, Tools, Commands.  The last thing I would check is under Realms, Admin Realms, Authentication Policy, Administrator Sign-in ports.





John Judge
JNCIS-SEC, JNCIS-ENT,

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.

0 Kudos
RexPGP_
Frequent Contributor
‎05-04-2009 10:45:AM
‎05-04-2009 10:45:AM

Re: Unable to access the SA from the Internet

under tools run a tcp dump on the oexternal; interface. It may help to see where failing

0 Kudos
kalagesan_
Super Contributor
‎12-19-2011 01:24:AM
‎12-19-2011 01:24:AM

Re: Unable to access the SA from the Internet

Hi,

I belive that you are trying to access the SA access through hotsname URL ( signin URL), also understand that there is no routing issues.

What is your IP address that is mapped in DNS server for SA hostname, make sure you have mapped SA's external VIP and external port for the host A record of your DNS server since you have enabled SA external and internal port.

After this try pinging the SA hostname or the URL from the internet, if its still failing, please provide the traceroute information and the also provide the device information where it fails.

Regards,

Kannan

0 Kudos
StefanP_
New Contributor
‎12-19-2011 01:28:AM
‎12-19-2011 01:28:AM

Re: Unable to access the SA from the Internet

Actually I have no hostname set for the device yet. I am just trying to reach the VIP-address from the outside (not actually the VIP-address, but the address that it is NAT:ed to).

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.