NAT on SSL VPN Remote Access
- August 1, 2018
Hi Experts,
I'm new when it comes to FortiGates and I hope you can help me with this.
I have configured VPN remote access (SSL VPN). I can successfully connect to the tunnel, but I am not able to reach my local subnets. I ran a debug flow and this is what I got (refer to the attachment ssl.vpn.jpg). It is already allowed by firewall policy 5. I also tried a packet sniffer and saw only the ICMP request.
Out of the blue, I tried enabling NAT on the ssl.root-to-lan IPv4 policy and ran the test again. This time I am able to reach my local subnet. I ran a debug flow and this is what I got (refer to the attachment ssl.vpn.jpg). It is still allowed by firewall policy 5; there are just a few changes from the first debug output I got. The packet sniffer was also able to see the reply to the ICMP request.
My questions are:
- What is the difference between my 1st and 2nd debug flows?
- Why can't I reach my local subnet when NAT is not enabled?
- What might be the possible reason why I can't reach my local subnet when NAT is disabled?
Sorry, those may be dumb questions, but I just wanna learn more about FortiGates.
I hope somebody can help. Thanks a lot!
Regards, Kulas