Reset Search
 

 

Article

KB45335 - Resources inaccessible through the VPN after upgrading to Ivanti Connect Secure (ICS) 9.1R16

« Go Back

Information

 
Last Modified Date7/25/2022 5:04 PM
Synopsis
This article outlines an issue connecting to an ICS appliance using 9.1R16 where resources may be inaccessible through the VPN.
Problem or Goal
After upgrading to Ivanti Connect Secure (ICS) 9.1R16, users may report that they are unable to access resources through the VPN. The issue is not related to the Desktop Client version being used and it wasn't present in previous PCS/ICS versions.
Cause
If specific resources are configured in the VPN ACL with a wildcard (*) port range, these resources are inaccessible through the VPN in 9.1R16.

Testing has shown the following behavior depending on the type of VPN ACL policy:

protocol://<ip>:* = FAIL
protocol://<ip>:80 = PASS
protocol://<ip>:1-65535 = PASS
protocol://<ip>/24 = PASS
protocol://*:80 = PASS
protocol://*:1-65535 = PASS
protocol://*:* = PASS
*:* = PASS
Solution
Workaround: Use specific ports or port ranges if specifying resources in the VPN ACL, use IP subnets or move to a generic *:* policy.

Unfortunately there is currently no workaround for icmp:// resources.

The root cause for this issue has been identified and fixed in ICS 9.1R16.1 and above.

 
Related Links
Attachment 1 
Created ByJamie Hughes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255