kcerb
New Member
July 24, 2017
Question

Dialup IPSec VPN - wrong route when FortiClient connected


Hi,

On one of my remote laptops (Windows 10 Pro x64), an incorrect route is created after the dialup IPSec connection:

In this situation (bottom picture), when FortiClient is connected, there is no access to the internet or to the servers behind the FortiGate.

The IPSec tunnel "split tunnel" option is checked.

There are no issues on other remote clients using the same tunnel.

There is still an issue when I create a second connection on this laptop using another tunnel's settings.

The client is using FortiClient 5.4.4.0890_x64, but I also tried 5.6.0.1075_x64 - same issue.

The FortiGate runs v5.4.5,build1138 (GA).

Can anybody help?

 

1 reply

Toshi_Esumi
SuperUser
July 24, 2017

Are you sure the client user name is in the same user group as the other working clients? Then you need to run ike debug by specifying the outside IP of the client environment.

diag debug reset
diag vpn ike log-filter dst-addr4 [OUTSIDE_IP]
diag debug app ike -1
diag debug ena

kcerb (Author)
New Member
July 25, 2017

Thank you for the answer.

Before that I decided to uninstall version 5.6 and install 5.4 one more time.

I typed the configuration one more time and this time it started working properly. I was pretty sure the configuration was always the same, because the only thing I could do wrong was credentials, but in this case I would not be able to connect. Strange ...

Toshi_Esumi
SuperUser
July 25, 2017

If the config on the FG for IPSec is wrong, all clients would fail, not only one in particular. Every time you upgrade/downgrade firmware I would back up the entire config so that you can "diff" when you come back to the same major version of the firmware, whatever the reason is.
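
The backup-and-diff advice in the last reply, as an added example that is not part of the original thread: a small Python script that flattens two FortiGate config backups and reports only the settings under "vpn ipsec" that changed. The two backups, the tunnel name "dialup", the address object "LAN_nets" and the ENC values are constructed sample data.

```python
# Added example; OLD and NEW are constructed backups, not taken from the thread.
OLD = '''config system global
    set hostname "FG-A"
end
config vpn ipsec phase1-interface
    edit "dialup"
        set type dynamic
        set mode-cfg enable
        set ipv4-split-include "LAN_nets"
        set psksecret ENC constructed-blob-1
    next
end'''
NEW = (OLD.replace('        set ipv4-split-include "LAN_nets"\n', "")
          .replace("blob-1", "blob-2").replace("FG-A", "FG-B"))

def parse_settings(text):
    """Flatten a backup into {(config/edit path, setting): value}."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("config ", "edit ")):
            stack.append(line.split(" ", 1)[1].strip('"'))
        elif line in ("next", "end"):
            if stack:
                stack.pop()          # close the innermost edit/config block
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            if value.startswith("ENC "):
                value = "ENC <masked>"   # keep secret blobs out of the diff
            settings[(tuple(stack), key)] = value
    return settings

def diff_ipsec(old_text, new_text, prefix="vpn ipsec"):
    """Return (path, setting, before, after) for changed IPsec settings."""
    old, new = parse_settings(old_text), parse_settings(new_text)
    changes = []
    for path, key in sorted(set(old) | set(new)):
        if path and path[0].startswith(prefix):
            before, after = old.get((path, key)), new.get((path, key))
            if before != after:
                changes.append((" / ".join(path), key, before, after))
    return changes

if __name__ == "__main__":
    for path, key, before, after in diff_ipsec(OLD, NEW):
        print(f"{path}: {key}: {before!r} -> {after!r}")
```

A value of None in the "after" column means the setting is absent from the newer backup, which is how a dropped split-tunnel include would show up.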