Passing Traffic to IPsec Dial-up VPN Clients

Forum|Forum|9 months ago
August 16, 2025
1 reply
641 views

FortiGate 60F, v7.4.8, with IPsec Remote Access VPN using Forticlient, everything has been working well. I now need to set up a second tunnel that will assign a single IP address to a remote access client.

The remote access client can access all LAN resources, but need servers on the LAN to pass traffic to the Remote Access clients too. I've tried setting up a static route to the tunnel interface, and created a policy to allow LAN > Tunnel. I see traffic coming in from the LAN, and out through the tunnel interface, but nothing arrives (no response back from ping).

Hopefully I'm missing something easy here!

FortiGate

msanjaypadma

Staff

Hi @cis4 ,

Did you try disabling the firewall on remote access users PC?

cis4Author

New Member

Hi Mayur,

Thanks for the reply. I've tried disabling the firewall on the remote computer, and left wireshark running, but I'm getting nothing through to it. It's like the traffic is getting lost somewhere between LAN going out through the Tunnel, and the Remote Endpoint.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded