Clubinski25
New Member
July 12, 2019
Question

IPSec Tunnel Won't connect to remote fortigate

  • July 12, 2019
  • 2 replies
  • 16046 views
I configured an IPsec tunnel to access my home server through a FortiGate 60D. The FortiClient will connect while on my home LAN, but when I try to access it from outside my home LAN it does not connect. Can anyone assist, please?

    2 replies

    hubertzw
    New Member
    July 12, 2019

    Did you configure all destination IPs in the selectors? Do you have a firewall policy for this traffic?

    Clubinski25
    New Member
    July 12, 2019

    I am not sure what you mean by the destination IPs in the selector. This is a screenshot of the policy for the tunnel.

    Please advise,

    hubertzw
    New Member
    July 12, 2019

    You showed a policy with destination interface 'internal'. If the resource is accessible via a different interface, you need a separate policy.

    Selectors: this is how you define what traffic should be sent to the tunnel. If you specify the destination as, for example, 10.0.0.0/24, you can't send traffic to 10.1.0.0/24. Verify your VPN settings (phase 2).

    sw2090
    SuperUser
    August 28, 2019

    Hm, you wrote that you can connect to your VPN from your LAN but not from outside (even if you set the ISP as the remote GW on your FortiClient). Unfortunately you didn't provide one important detail:

    How is your FGT connected to the internet? Does the FGT do dial-up with PPPoE? Or does it have a static ISP IP on an interface? In that case it should work.

    Or do you have a router in front of your FGT that does the connection to your ISP, with the WAN side of the FGT just connected to it? In that case you need to do some port forwarding on your router. You will need ports 500/UDP (IPsec itself) and probably 4500/UDP (NAT traversal, if you use it) forwarded to your FGT.

    hth

    Sebastian