Cannot access in house hosted HTTPS website using NetExtender

Hi Experts,

I'm having a bit of an issue. I cannot access an in house hosted HTTPS website while SSL VPN'd into the LAN.
I get a connection refused error in Chrome. DNS works fine and can resolve the host internally, firewall rules have been set to allow the SSL VPN IP pool to communicate with the host. Local User ACL and Client routes ACL has LAN subnets in them.  

I can get to HTTP internally hosted (i.e company website) fine on the SSL VPN. We're using NetExtender and SonicWALL SSL VPN.
chrislindsayAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steve KnightIT ConsultancyCommented:
To confirm debugging, is this server on the same subnet/vlan as the other http one that works etc?  Can you get to any other ports on the same server?  Does this same machine work inside the network or is it only always external.  Any different with a different browser?
btanExec ConsultantCommented:
minimally after the ssl vpn setup, the "ping" should reach the https site. May check firewall access rules (that is auto created) on the from and to SSLVPN zone from other zones like the local zone . Optionally you could modify the auto-created SSLVPN to LAN rule to allow access only to those users that are configured (recommended to use single rule with groups rather than multiple rules with individual users). Also to make sure the default gateway is right which I supposed it is already since it can reach via http https://support.software.dell.com/kb/sw10657

there is one case but may just want to check if it applies - NetExtender Client is connecting it receives correct IP however it can't access internal resources (LAN).  IP range for SSL VPN Clients is the same as for LAN clients. https://support.software.dell.com/kb/sw10964

all also try out the "Tunnel All Mode" to enforce all traffic via the tunnel setup
chrislindsayAuthor Commented:
Hi Steve and btan.

The server is indeed on the same subnet. I cannot access it using it's internal IP address and port number so I presume it's always external, with a simple NAT. Same issue with IE but IE is a little less informative about the problem (page cannot be displayed).

 I cannot ping the site because we don't allow pings to the site. I can access all LAN resources and even ping and remote into the host of the web site.

Nothing looks funny on the to and from, the only thing I've blocked is the IP pool from contacting our WSUS server so we don't fry the bandwidth on a Monday evening.
btanExec ConsultantCommented:
will be good if there is some log to show the denial from the sonicwall so that we ascertain (a) the source address actually being blocked per se.

And (b) will this be different if keyed the actual webserver IP instead of hostname to reach it via HTTPS still - will be good to check to isolate if DNS is causing some issue (or simply change host file on test client) as well as (c) the default gateway is correctly assigned to the client when VPN is up

Also if Firefox will also make no differences ...https://support.software.dell.com/kb/sw3843

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.