cannot reach external sites from internal DMZ host

rt
New Member

Hi, I think this may have been answered, but just for clarification: I have Pulse Connect Secure configured with VPN tunneling with a series of VLAN ports. My client connects to the VPN and is able to get around the internal DMZ network and connect to the server within with no problems. However, when I attempt to connect to resources outbound on the public side of the PS from the server in the DMZ, I get nothing. Servers inside the DMZ are isolated except through the PS. Servers need to be able to connect to the internet outbound through the external port to download software and troubleshoot client issues, get to DNS, etc. Is that possible?

Moderator

Re: cannot reach external sites from internal DMZ host

The VPN server will use the Internal port to source the egress traffic. The client can use the External port to connect to the VPN server; however, the traffic initiated by the client will be forwarded to the internal network using the Internal port.

Client traffic >> Internet >> DMZ >> External port >> VPN >> Internal port >> Intranet/Intranet.

Please allow the Internal port of the VPN server (which resides in the DMZ) to communicate with the Internet/Intranet zones, so that the VPN clients can connect to the Internet.