Isinger
New Member
February 2, 2019
Question

IPSEC VPN Behind Router

  • 1 reply
  • 6670 views

Hello,

I have set up an IPsec VPN on my FortiGate 60E, which resides behind a router.

I used port forwarding for 500 and 4500 to the FortiGate WAN interface and allowed IPsec passthrough on my Linksys router.

I am using FortiClient to remotely access the VPN. I can connect to the LAN network and ping everything, and I can RDP to anything with no problem, but I can't use PuTTY SSH, access the web server, or connect to database ports.

I'm not sure what I am missing. If I use PuTTY to connect to my local server, the login screen appears, but then the connection times out.

I used to do port forwarding from the router to the FortiGate firewall --> to the server using virtual IPs.

Any help will be appreciated.

    1 reply

    Toshi_Esumi
    SuperUser
    February 4, 2019

    I would check the server if it has a route back toward your VPN client IP and if it's allowing SSH from the IP, which is different from your previous Virtual IP setup.

    Isinger
    Author
    New Member
    February 4, 2019

    Dear Toshi,

    Thank you for your reply. Actually, I did try to add the route between the server and the VPN-IPSEC network, but it didn't work.

    The VPN-IPSEC subnet is 192.168.25.0, and the LAN subnet is 192.168.45.x.

    So I added the route: route add -net 192.168.25.0 netmask 255.255.255.0 gw 192.168.45.X dev eth2

    SSH and server ports are allowed on the eth2 firewall (and I disabled the firewall for testing).

    What do you think?

    Toshi_Esumi
    SuperUser
    February 4, 2019

    Then, I would run Wireshark on the server and the sniffer on the FG60E to see how far the packets from the client are reaching, and if the server is replying. For sniffing, don't forget to disable auto-asic-offload on the incoming and outgoing policies.
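
The capture steps suggested in the last reply, written out as FortiOS CLI. This is an added example, not part of the original thread; the client address 192.168.25.10 and the policy IDs 10 and 11 are constructed placeholders, to be replaced with the address FortiClient was assigned and the real IDs of the VPN policies.

```fortios
# Added example. 192.168.25.10 (VPN client) and policy IDs 10/11 are
# constructed placeholders; substitute your own values.

# 1. Find the IDs of the policies that carry VPN <-> LAN traffic.
show firewall policy

# 2. Turn off hardware offload on both policies so that offloaded
#    sessions are visible to the sniffer.
config firewall policy
    edit 10
        set auto-asic-offload disable
    next
    edit 11
        set auto-asic-offload disable
    next
end

# 3. Capture SSH traffic for the client on every interface.
#    4 = print headers with the interface name, 0 = no packet limit,
#    l = local-time timestamps. Stop with Ctrl+C.
diagnose sniffer packet any 'host 192.168.25.10 and tcp port 22' 4 0 l

# 4. On the server, the matching capture on eth2 would be:
#      tcpdump -ni eth2 host 192.168.25.10 and tcp port 22

# 5. Afterwards, re-enable offload on both policies.
config firewall policy
    edit 10
        set auto-asic-offload enable
    next
    edit 11
        set auto-asic-offload enable
    next
end
```

With verbosity 4 each captured line names the interface and direction, so a packet that enters on the tunnel interface but never leaves toward the LAN points at the FortiGate, while a packet that leaves toward the LAN with no reply coming back points at the server's routing or filtering.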