Reset Search



KB45335 - Resources inaccessible through the VPN after upgrading to Ivanti Connect Secure (ICS) 9.1R16

« Go Back


Last Modified Date7/25/2022 5:04 PM
This article outlines an issue connecting to an ICS appliance using 9.1R16 where resources may be inaccessible through the VPN.
Problem or Goal
After upgrading to Ivanti Connect Secure (ICS) 9.1R16, users may report that they are unable to access resources through the VPN. The issue is not related to the Desktop Client version being used and it wasn't present in previous PCS/ICS versions.
If specific resources are configured in the VPN ACL with a wildcard (*) port range, these resources are inaccessible through the VPN in 9.1R16.

Testing has shown the following behavior depending on the type of VPN ACL policy:

protocol://<ip>:* = FAIL
protocol://<ip>:80 = PASS
protocol://<ip>:1-65535 = PASS
protocol://<ip>/24 = PASS
protocol://*:80 = PASS
protocol://*:1-65535 = PASS
protocol://*:* = PASS
*:* = PASS
Workaround: Use specific ports or port ranges if specifying resources in the VPN ACL, use IP subnets or move to a generic *:* policy.

Unfortunately there is currently no workaround for icmp:// resources.

The root cause for this issue has been identified and fixed in ICS 9.1R16.1 and above.

Related Links
Attachment 1 
Created ByJamie Hughes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255