bmotamed
New Member
October 16, 2015
Question

SSL VPN site to site

Hi,

We have three office sites, A, B & C, with 3 FG80c.

There are IPsec VPNs between A-B, A-C, B-C (internal from A can communicate with B and C resources; ....).

There are 3 SSL VPNs for each site for external communication.

My issue: none of the SSL VPN connections lets SSL VPN users access the other sites after a successful connection.

Example: when I'm connected from outside by SSL VPN to site A, I can't see any resource of site B or site C. Is that a policy problem (I checked all sslroot to IPsec interface, seemed OK... in each FortiGate)?

Thanks a lot.

    2 replies

    cbesse
    New Member
    October 16, 2015

    Hello,

    Have you checked the following settings:

    - Is the SSL VPN subnet allowed in the IPsec phase 2?
    - Have you created a static route in the FortiGate in site B and site C?

    Regards

    emnoc
    New Member
    October 16, 2015

    More importantly, did you run diag debug flow, with one of the sslvpn_pool addresses given to an external user?

     

    That and above will at least give you a running start as to what to look at.
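
The checks suggested in the two replies above, written out as FortiOS CLI. This is an added example, not part of any post in the thread; it assumes interface-mode IPsec, and the tunnel names, the SSL VPN pool 10.212.134.0/24 and the site B LAN 192.168.2.0/24 are constructed placeholders.

```fortios
# Constructed values (replace with your own):
#   SSL VPN pool at site A : 10.212.134.0/24
#   Site B LAN             : 192.168.2.0/24
#   Tunnel names           : "A-to-B" on site A, "B-to-A" on site B

# --- Site A: phase 2 selector covering SSL VPN pool -> site B LAN ---
config vpn ipsec phase2-interface
    edit "A-to-B-sslvpn"
        set phase1name "A-to-B"
        set src-subnet 10.212.134.0 255.255.255.0
        set dst-subnet 192.168.2.0 255.255.255.0
    next
end

# --- Site B (repeat on site C with its own tunnel): mirrored selector ---
config vpn ipsec phase2-interface
    edit "B-to-A-sslvpn"
        set phase1name "B-to-A"
        set src-subnet 192.168.2.0 255.255.255.0
        set dst-subnet 10.212.134.0 255.255.255.0
    next
end

# --- Site B: return route for the SSL VPN pool through the tunnel ---
config router static
    edit 0
        set dst 10.212.134.0 255.255.255.0
        set device "B-to-A"
    next
end

# --- Site A: trace packets from one address handed out of the pool ---
diagnose debug reset
diagnose debug flow filter addr 10.212.134.200
diagnose debug flow trace start 20
diagnose debug enable
# Generate traffic from the SSL VPN client to a site B host, read the
# trace, then switch debugging off again:
diagnose debug flow trace stop
diagnose debug disable
```

The trace shows, per packet, which interface it arrived on, which route and policy it matched, and the reason if it was dropped, which separates a missing firewall policy from a selector or routing gap.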

    bmotamed (Author)
    New Member
    October 16, 2015

    OK, I'll try this.

    Thanks

     

    sorrowking
    New Member
    December 29, 2015

    Yeah, same problem, can someone help please?

    bmotamed (Author)
    New Member
    December 29, 2015

    Hello, my issue was resolved, I've missed a policy rule.

        set srcintf "wan1"
        set dstintf "destination"
        set srcaddr "all"
        set dstaddr "destinationAdress" "destinationAdress-VPN-SSL"
        set action ssl-vpn
        set identity-based enable
            config identity-based-policy
                edit 1
                    set schedule "always"
                    set groups "ssl users" "SSL portal ext"
                    set service "ALL"
                    set sslvpn-portal "full-access"
                next
            end
    next