itx86
New Member
February 18, 2019
Solved

FortiClient Default Gateway IPsec


Hello guys, I am facing the following challenge and can't get any further. I hope you can help me.

I want to connect a VPN between a virtual server (hosted Windows Server 2016) and a data center.

The virtual server has no VPN capability. With FortiClient I was able to establish the connection to the data center via IPsec, but it takes the IP of the data center when it goes out to the Internet. What do I have to change, or how do I get it to keep its own IP? Or is there another way? I have a FortiGate 50E in the data center. Thank you very much for your help.


1 reply

SteveG
New Member
February 18, 2019

If I understand what you're asking, you need to configure the VPN for Split Tunneling and specify the CIDR ranges you'd like to send via the FortiClient VPN.

itx86
Author
New Member
February 18, 2019

Hi Steve, thank you so much for the answer. Yes, I checked that as a test, but nothing has changed. Where do I set the CIDR? What must I enter? Can you please give me an example? Do I have to consider or change the configuration of the IPv4 Policy or the FortiClient app? (screenshot in the attachment)

Thanks for your help.

 

SteveG
Answer
New Member
February 18, 2019

Thanks for the screenshot, it really helps. Under "Accessible Networks" enter the network range you want to access via the VPN, for example 10.0.0.0/8.

This doc provides an example config:

https://kb.fortinet.com/kb/viewContent.do?externalId=FD36253

The part you need is:

    set ipv4-split-include "Internal_Network"     /* Local protected network that the remote dial-up IPsec clients reach */
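
Why limiting the pushed ranges lets the server keep its own public IP, as an added example that is not part of the original thread or of Fortinet's documentation: a small model of route selection on the client (longest prefix first, then lowest metric). The routing tables, interface names, metrics and sample addresses are constructed assumptions; only 10.0.0.0/8 comes from the answer above.

```python
import ipaddress

# Constructed routing tables for the Windows server (all values are sample assumptions).
# Each route is (destination prefix, egress interface, metric).
LOCAL_DEFAULT = ("0.0.0.0/0", "ethernet", 25)

# Full tunnel: the VPN client installs its own default route with a better metric,
# so Internet traffic leaves through the data center and carries its public IP.
FULL_TUNNEL = [LOCAL_DEFAULT, ("0.0.0.0/0", "vpn", 1)]

# Split tunnel: only the ranges listed under "Accessible Networks" are pushed.
SPLIT_TUNNEL = [LOCAL_DEFAULT, ("10.0.0.0/8", "vpn", 1)]


def egress(routes, destination):
    """Return the interface chosen for destination: longest prefix wins, then lowest metric."""
    dst = ipaddress.ip_address(destination)
    candidates = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net:
            # Negative prefix length so that min() prefers the most specific route.
            candidates.append((-net.prefixlen, metric, iface))
    if not candidates:
        raise LookupError(f"no route to {destination}")
    return min(candidates)[2]


def tunnelled(routes, destinations):
    """Map each destination to True if it leaves through the VPN interface."""
    return {d: egress(routes, d) == "vpn" for d in destinations}


if __name__ == "__main__":
    # Constructed samples: a data-center host and an Internet host.
    samples = ["10.20.30.40", "203.0.113.10"]
    print("full :", tunnelled(FULL_TUNNEL, samples))
    print("split:", tunnelled(SPLIT_TUNNEL, samples))
```

With the split table, Internet-bound traffic no longer passes through the FortiGate in the data center, so any filtering or logging applied there does not cover it.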