Contributor
January 2, 2008
Question

subnet mask problem with ssl tunnel VPN

  • 12 replies
  • 15168 views
The tunnel VPN almost worked the way I wanted it to. It picked up one of the reserved IP addresses, but the subnet mask was 255.255.255.255 instead of 255.255.255.0. I set up the destination network with a subnet mask of 255.255.255.0 so I don't know why it used the other subnet mask. Does it matter what interface I set the network to? Right now I have it set to ANY.


    rwpatterson
    New Member
    January 2, 2008
    The work station will always have the 255.255.255.255 subnet mask, because the IP address is a single entity, not a network. The source must remain at 'any'. The destination could be anything from a single entity, to a group, to a 'multiple' entity with a combination thereof.
    Contributor
    January 2, 2008
    So if the mask is supposed to be 255.255.255.255, how do I communicate with the server so I can access my files?
    rwpatterson
    New Member
    January 2, 2008
    On the DHCP server, you create the entry with the correct subnet mask (255.255.255.0). On the work stations, the subnet mask will be 255.255.255.255, with each station having a UNIQUE ip address.
    Contributor
    January 2, 2008
    I guess I don't know what you mean by "create the entry." The address was already in the DHCP scope with a subnet mask of 255.255.255.0.
    rwpatterson
    New Member
    January 2, 2008
    'The entry' refers to the DHCP server configuration. You already created it. The workstation will have the single IP address subnet (255.255.255.255). That is normal. Routing is a whole different animal. If you have an IP address, you should be able to get to your files if it's permitted by the policy(s). Can you ping the server? Start with the basics.
    doshbass
    New Member
    January 2, 2008
    Paul, Is there actually a problem here? Is any communication not working that you expect to work, because it looks to me like the FG is doing everything it is supposed to.
    Contributor
    January 2, 2008
    rwpatterson, No, I cannot ping the server from the remote computer. I can ping it on the Fortinet VPN screen though. I was trying to map drives but couldn't. After doing an IPCONFIG /ALL I noticed the different subnet mask, but apparently that is not the problem. The only thing I've been able to do is RDP, but that was going through the FortiNet VPN screen instead of the remote computer.
    rwpatterson
    New Member
    January 2, 2008
    Is this setup in web mode?
    Contributor
    January 3, 2008
    No, this is the tunnel mode. But I have the same issue with web mode. I can only RDP. I can't access any files using FTP. The web bookmarks do work though (in web mode, not tunnel).
    Contributor
    January 3, 2008
    When I enter the command IPCONFIG /ALL, it says DHCP enabled is NO and there is no default gateway. The DNS and WINS servers all show up though.
    rwpatterson
    New Member
    January 3, 2008
    Make sure that in the policy, the source address is set to 'all'. Don't ask why. Specifying a source stopped working with MR4. You're guaranteed that only the correct users will hit the servers in the destination field because they are the only ones authenticated in this policy.
    Contributor
    January 4, 2008
    I should add that I am using a dial-up connection instead of broadband. I found this article: http://kc.forticare.com/default.asp?id=1722&Lang=1&SID= ...but it doesn't work. Every time I activate the tunnel, the box is unchecked again.
    Contributor
    January 8, 2008
    Could it be a server configuration that is causing the problem?
    Contributor
    January 14, 2008
    OK, I've ALMOST got it working now. I turned off split tunneling and now I get a default gateway, but the gateway address is exactly the same as the IP address that was assigned to the laptop. Anyone know how to fix this? DHCP enabled still says no. Do I need to turn on the DHCP relay agent on the WAN interface (Regular since this is not an IPSEC VPN)?