SSL-VPN cannot reach other subnet over IPSEC tunnel

Forum|Forum|11 years ago
June 17, 2015
1 reply
4268 views

Hi.

Using Firmware 5.2.3

Network info:

Office 1: 172.29.1.0/24

Office 2: 172.29.8.0/24

IPSEC tunnel: VPN_Offices

SSL-VPN connects to Office1

The offices are connected over an IPSEC tunnel and I can reach resources on both subnets from both sites.

The SSL-VPN is configured with Routing address för both subnets and is configured on Office1.

set split-tunneling-routing-address "Office1" "Office2"

I have configure rules from ssl.root to (Office1, Office2, VPN_Offices)

I have configure rules from (Office1, Office2,VPN_Offices) to ssl.root

Still, I can't reach anything on Office2 when connected to SSL-VPN.

What have I missed?

I have set it up almost exactly as in this guide http://pack3tlife.com/2014/08/13/fortigate-ssl-vpn-on-5-2/

In the comments they discuss IPSEC site to site and how to get it to work with SSL-VPN clients and talk about "right combination of policies and adding in the extra Phase 2 / quick-mode selector settings to match the SSL VPN user range".

5.2

pushpendra11

New Member

Hi ,

You do not need to add an additional quick mode selector in ph2 for an ssl vpn subnet , instead you can use the NAT feature in the policy to achieve the task .

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded