PIknik
New Member
February 14, 2018
Question

Lost outside connections when the VPN connection is up


Hello!

I have FortiClient 5.6.5 on Windows 7 x64 and connection parameters for an IPSec VPN.

The VPN connection works. But when the VPN connection is up, I lose the connection to all my hosts on the local network. Incoming (listening) connections to my host do not work either. The Internet works fine.

Now I can't work on my computer without local resources, and I can't install FortiClient on the server machine, as the outside does not have access to the VPN resources.

My network when the VPN is not connected (host with VPN is 10.1.2.18):

Network          Mask             Gateway        Interface      Metric
0.0.0.0          0.0.0.0          10.1.2.1       10.1.2.18      11
10.1.2.0         255.255.255.0    On-link        10.1.2.18      266
10.1.2.18        255.255.255.255  On-link        10.1.2.18      266
10.1.2.255       255.255.255.255  On-link        10.1.2.18      266
127.0.0.0        255.0.0.0        On-link        127.0.0.1      306
127.0.0.1        255.255.255.255  On-link        127.0.0.1      306
127.255.255.255  255.255.255.255  On-link        127.0.0.1      306
224.0.0.0        240.0.0.0        On-link        127.0.0.1      306
224.0.0.0        240.0.0.0        On-link        10.1.2.18      266
255.255.255.255  255.255.255.255  On-link        127.0.0.1      306
255.255.255.255  255.255.255.255  On-link        10.1.2.18      266

ping to Internet resource - successful
ping to 10.1.2.19 - successful

nmap to this host from an outside host:

$ nmap 10.1.2.18

Starting Nmap 7.40 ( https://nmap.org ) at 2018-02-14 19:00 MSK
Nmap scan report for 10.1.2.18
Host is up (0.0038s latency).
Not shown: 989 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
2522/tcp  open  windb
3306/tcp  open  mysql
3389/tcp  open  ms-wbt-server
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 1.62 seconds

My network when the VPN is connected:

0.0.0.0          0.0.0.0          10.1.2.1       10.1.2.18      11
0.0.0.0          0.0.0.0          192.168.121.2  192.168.121.1  2
10.1.2.0         255.255.255.0    On-link        10.1.2.18      266
10.1.2.18        255.255.255.255  On-link        10.1.2.18      266
10.1.2.255       255.255.255.255  On-link        10.1.2.18      266
127.0.0.0        255.0.0.0        On-link        127.0.0.1      306
127.0.0.1        255.255.255.255  On-link        127.0.0.1      306
127.255.255.255  255.255.255.255  On-link        127.0.0.1      306
192.168.121.1    255.255.255.255  On-link        192.168.121.1  257
100.100.100.100  255.255.255.255  10.1.2.1       10.1.2.18      10
224.0.0.0        240.0.0.0        On-link        127.0.0.1      306
224.0.0.0        240.0.0.0        On-link        10.1.2.18      266
224.0.0.0        240.0.0.0        On-link        192.168.121.1  257
255.255.255.255  255.255.255.255  On-link        127.0.0.1      306
255.255.255.255  255.255.255.255  On-link        10.1.2.18      266
255.255.255.255  255.255.255.255  On-link        192.168.121.1  257

ping to Internet resource - successful
ping to 10.1.2.19 - failed

nmap to this host from an outside host:

$ nmap 10.1.2.18 -Pn

Starting Nmap 7.40 ( https://nmap.org ) at 2018-02-14 19:00 MSK
Nmap scan report for 10.1.2.18
Host is up.
All 1000 scanned ports on 10.1.2.18 are filtered

Nmap done: 1 IP address (1 host up) scanned in 201.27 seconds

I see two default gateways, but my attempts to fix this were not successful.

I have no idea how I can reduce the security settings while the VPN connection is up. I need to have access to the outside from my host and/or access to my host from outside hosts.

I can't get access to the Forti VPN server. My only tool is FortiClient.

Can you help me?

    2 replies

    Hkp
    New Member
    February 15, 2018

    Hi,

    If I understood your question correctly, your devices in the local subnet are not reachable when you are connected with the FortiClient VPN?

    Are you using SSL or IPSec Dialup VPN? Should it be IPSec, change your Phase1 configuration in the CLI:

    # config vpn ipsec phase1-interface
        edit "YOUR-PHASE1-VPN-TUNNEL-NAME"    (upper and lower case must be correct!)
            set include-local-lan enable
        next
    end


    PIknik (Author)
    New Member
    February 15, 2018

    Yes, you understood right.

    I use IPSec VPN. How can I connect to the CLI in FortiClient?

    Hkp
    New Member
    February 16, 2018

    You have to connect to your Fortigate via the CLI, with something like PuTTY.

    FortiClient doesn't need any changes :)

    PIknik (Author)
    New Member
    February 20, 2018

    Yes! This works!

    I edited the cfg file as you said and now I can connect to other hosts in the subnet (but can't connect to hosts in other subnets, but it's fine for me)

    Ping, telnet, ssh, etc. work

    Thank you very much! And sorry for my bad English)
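
Added example, not part of the original thread: a route lookup over the "VPN is connected" table from the question, using longest-prefix match with the lowest metric as tie-breaker. It shows that 10.1.2.19 still resolves to the on-link 10.1.2.0/24 route, so the second default gateway alone does not account for the lost LAN access, which is consistent with the fix being the FortiGate-side include-local-lan setting. The helper names and the 8.8.8.8 test destination are assumptions made for the example.

```python
import ipaddress

# Rows copied from the "VPN is connected" table in the question:
# (network, mask, gateway, interface, metric). Loopback, multicast and
# broadcast rows are left out because they never match a unicast host.
VPN_UP_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "10.1.2.1", "10.1.2.18", 11),
    ("0.0.0.0", "0.0.0.0", "192.168.121.2", "192.168.121.1", 2),
    ("10.1.2.0", "255.255.255.0", "On-link", "10.1.2.18", 266),
    ("10.1.2.18", "255.255.255.255", "On-link", "10.1.2.18", 266),
    ("192.168.121.1", "255.255.255.255", "On-link", "192.168.121.1", 257),
    ("100.100.100.100", "255.255.255.255", "10.1.2.1", "10.1.2.18", 10),
]


def prefix_len(mask):
    """Number of one-bits in a dotted netmask (its prefix length)."""
    return bin(int(ipaddress.IPv4Address(mask))).count("1")


def select_route(dest, routes):
    """Return (prefix, gateway, interface, metric) chosen for dest.

    Longest prefix wins; among equal prefixes the lowest metric wins.
    Hypothetical helper for this example, not a Windows or Forti API.
    """
    addr = ipaddress.IPv4Address(dest)
    best_key, best = None, None
    for net, mask, gw, iface, metric in routes:
        network = ipaddress.IPv4Network(f"{net}/{prefix_len(mask)}")
        if addr not in network:
            continue
        key = (-network.prefixlen, metric)
        if best_key is None or key < best_key:
            best_key, best = key, (str(network), gw, iface, metric)
    return best


if __name__ == "__main__":
    # 8.8.8.8 is a constructed stand-in for "an Internet resource".
    for dest in ("10.1.2.19", "8.8.8.8", "100.100.100.100"):
        print(dest, "->", select_route(dest, VPN_UP_ROUTES))
```

Internet-bound traffic takes the metric-2 default route through the VPN interface, while the LAN neighbour is still routed on-link through 10.1.2.18.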