I’m testing a WatchGuard firewall’s SSL VPN setup in a lab environment, using its external IP (192.168.1.1) and a notebook (192.168.1.10) on the same subnet (192.168.1.x). I know 192.168.x.x is a private IP range, but this is for testing purposes.
The firewall’s internal network is 10.0.0.0/24, and when I try to connect, I get a “TCP SYN not in order” error. The firewall should be handling the SSL VPN connection as if it were from an external network, but it seems to be mismanaging the session or routing.
I’ve checked firewall rules and SSL VPN settings, but the issue still occurs. Any ideas on why this happens or how to fix it?
Hi
Look here: Add Network Dynamic NAT Rules
And remove 192.168.0.0/16
Pro tip: if you've got a LAN with a subnet that is from public (yes, shit is all around), you've got to add the subnet there.
So your external is on a private IP range that your laptop is connected to?
What’s the external gateway/router?
Is there something in there that’s fouling the connection somehow?
Hey thanks. But I already tried that, no success.
The external gateway is 192.168.1.250, but there is no device with that IP, because it should work within layer 2, right?
Can you explain better how you set up the external interface? IP, netmask, gw.
Sure, the external interface IP is 192.168.1.1 and the gateway is 192.168.1.250 and the subnet is 255.255.255.0
SSL VPN settings? Post some screenshots!
Sure, here are some screenshots: https://imgur.com/a/u4dJmki