Unable to Ping Internal IP Resources When Using Full VPN on NetScaler


Article ID: CTX216327


Description

The user connects to the VPN but cannot access internal resources or ping internal IP servers. A tracert from the user ends at the NetScaler vserver. The NetScaler itself is able to reach all subnets on the LAN.

Users on the LAN cannot ping any IP from the IP Pool created for Intranet IP in the NetScaler Gateway vserver, even after creating a test SNIP for that pool.

Ping from the test SNIP to the users using that pool fails as well. 

Resolution

The NetScaler admin needs to ask the network team to add a static or dynamic route for the Intranet IP pool in use for the full VPN. This route should point to the NetScaler SNIP. It gives internal hosts on the LAN a route back to the users connected through the VPN.

The following is an example for a Cisco router:
ip route 10.10.10.0 255.255.255.0 192.168.1.1
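
The following is an added example, not part of the original article: a Python check that reads static routes from a router configuration and reports whether the Intranet IP pool has a return route through the SNIP. The sample configuration is constructed; it assumes 10.10.10.0/24 is the Intranet IP pool and 192.168.1.1 is the NetScaler SNIP, as in the Cisco line above, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: static routes as they might appear in a router config.
SAMPLE_ROUTES = """\
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 10.10.10.0 255.255.255.0 192.168.1.1
ip route 10.20.0.0 255.255.0.0 192.168.1.254
"""

def parse_static_routes(config_text):
    """Return (network, next_hop) pairs from 'ip route <prefix> <mask> <next-hop>' lines."""
    routes = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[:2] != ["ip", "route"]:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=True)
            hop = ipaddress.ip_address(parts[4])
        except ValueError:
            continue  # interface next hops and malformed lines are skipped
        routes.append((net, hop))
    return routes

def return_path(routes, pool, snip):
    """Classify how the LAN router sends traffic destined for the Intranet IP pool.

    'ok'             longest-prefix match for the pool has the SNIP as next hop
    'wrong-next-hop' a covering route exists but points elsewhere (e.g. default gateway)
    'partial'        a more specific route diverts part of the pool away from the SNIP
    'missing'        no route covers the whole pool
    """
    pool = ipaddress.ip_network(pool)
    snip = ipaddress.ip_address(snip)
    covering = [(n, h) for n, h in routes if pool.subnet_of(n)]
    if not covering:
        return "missing"
    if any(n != pool and n.subnet_of(pool) and h != snip for n, h in routes):
        return "partial"
    _, best_hop = max(covering, key=lambda r: r[0].prefixlen)
    return "ok" if best_hop == snip else "wrong-next-hop"

if __name__ == "__main__":
    print(return_path(parse_static_routes(SAMPLE_ROUTES), "10.10.10.0/24", "192.168.1.1"))
```

A result of 'wrong-next-hop' with only a default route present matches the symptom described in this article: replies to VPN users follow the default gateway instead of returning through the SNIP.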


Problem Cause

Missing internal LAN routing for the IP Pool in use for full VPN.

Issue/Introduction

The customer reports that he gets connected to the VPN but is unable to access internal resources or ping internal IP servers.