Contributor
June 25, 2007
Question

SSL VPN+no default gateway or routing info?

  • June 25, 2007
  • 2 replies
  • 9092 views
To all: I'm sure I am missing something really stupid, but surfing around this forum, the knowledge base, and the SSL VPN User Guide didn't provide me with any info. I am working on setting up an SSL VPN using a Fortigate 500 with firmware version: Fortigate-500 3.00,build0319,060724. I am able to authenticate a client using a local user and I am getting an IP address from the reserved IPs in tunnel mode, but I cannot communicate from there. ipconfig is showing an IP of 172.31.1.10/32 with a default gateway of 172.31.1.10. I assume that I need to configure a virtual interface somewhere and assign that as the default gateway for those reservations, but I can't figure out where. Thanks in advance.

    2 replies

    Contributor
    June 26, 2007
    You don't have to add the IP GW of your VPN adapter. You should just add the policy route from the source IP of your SSL networks (incoming) to the internal network (outgoing). And check your policy too; it should be internet (WAN) > internal (LAN) and ACTION > SSLVPN. Regards, ata
    Contributor
    June 27, 2007
    Double and triple checked that I was working from WAN to LAN with action SSLVPN and still no luck.
    rwpatterson
    New Member
    June 27, 2007
    Start with 'all' > 'all', service 'any' and narrow it down from there. If that doesn't work, make sure your connection is really up.
    abelio
    SuperUser
    June 27, 2007
    Start with 'all' > 'all',
    Hello, I believe that we found, here in the lab, a mini-issue with setting the destination to 'all' in an ssl-vpn policy. If I set "all" as the destination in that policy (I have ssl tunnel splitting allowed), I receive an error message saying: "Destination address of split tunneling policy is invalid". Solution: restrict the destination address to subnets, etc. for the ssl-vpn policy (or disable split tunneling altogether). That error message doesn't sound irrational, but, just for forum info (MR4, build 480 in a 200A box). Regards,