Contributor
January 10, 2006
Question

VPN connection successful - file sharing works, but no remote desktop, SSL or ping from outside net.

Hi everybody, hope that somebody can help me with this problem.

Intro: I've managed to set up an IPsec VPN connection following the example given by Fortinet, "dial-up vpn example". Except for the "set single-source enable", the entire configuration matches the one given by Fortinet. I have defined no other rules for inbound traffic and outbound traffic. The reason for not typing the "set single-source" is that the firmware is old, and I can't find an FTP server where I can download the new firmware.

THE PROBLEM: I'm able to use Windows file sharing with my VPN, but I'm unable to use Remote Desktop (Microsoft), or connect to a machine on the internal LAN using SSH. I'm able to ping the external client from within the network, but I'm unable to ping the internal servers from the external client. If I do a tracert in a command prompt I get to the firewall, and then the rest of the time it just shows stars, as if I'm unable to get through the firewall.

Please help. Any comments are welcome on how to solve the problem, or direction to where I might download the new firmware. Kind regards, Carl

    9 replies

    Contributor
    January 10, 2006
    Perhaps too obvious... but does the fw rule allow a tunnel in both ways? Regards, Eric
    Contributor
    January 10, 2006
    The firewall policy is set to:
    Address: all
    Destination: All
    Schedule: always
    Service: Any
    Action: Encrypt
    VPN Tunnel: "blabla"
    Allow inbound
    Allow outbound
    Inbound NAT
    Protection Profile: Strict
    So I guess this means that both ways are allowed. Kind regards, Carl
    Contributor
    January 11, 2006
    Hello, try to disable the "inbound NAT". Maybe that's the problem. Regards, Andy
    Contributor
    January 11, 2006
    Disabled inbound NAT, no difference, everything still works as before: file sharing OK, but no ping, SSL or Remote Desktop. Could it be something with the firmware of the firewall, or is it something to do with the way Remote Desktop works?
    Contributor
    January 12, 2006
    Hello, what about a traceroute? At which place does it end? Does the firewall on the PC allow you to ping? Regards, Andy
    Contributor
    January 12, 2006
    I did a traceroute from the client, and it stops at the IP address of the external interface of the firewall. Using debug on the firewall I'm able to see that the firewall picks up something, but I don't know what it means. Kind regards, Carl
    freaky
    New Member
    January 13, 2006
    Sounds to me like you have only file sharing opened on the Windows firewalls on the clients. As you can share files, it severely limits the number of places where it can go wrong. IP traffic is fine, so it's 99.9% a firewall that stops you. Probably the one on the clients.
    Contributor
    January 13, 2006
    I have tried to disable the firewall on a client on the LAN, but I'm still unable to access the client. If I log into the FortiGate firewall and enter:
    diagnose debug enable
    diagnose debug console timestamp enable
    diagnose debug application ike 2
    I'm able to see some kind of traffic when I ping a client on the internal LAN from the external client. But when I use Remote Desktop I'm unable to see any kind of traffic. Does Remote Desktop travel along some other kind of route, e.g. the internet instead of the VPN tunnel? Kind regards, Carl
    Contributor
    January 13, 2006
    In the FortiClient I have set up virtual IP acquisition like this:
    IP: 192.168.2.130
    SUB: 255.255.255.128
    DNS: 192.168.2.6
    WINS: 192.168.2.6
    I should use the DNS server of my regular LAN, right? Or should it be set to the IP of the external interface? Another thing which seems weird to me is that if I do an ipconfig /all on a client after the VPN connection has been established, the result is:
    IP: 192.168.2.130
    SUB: 255.255.255.128
    Def Gateway :
    DHCP: 192.168.2.131
    DNS: 192.168.2.6
    WINS: 192.168.2.6
    Shouldn't there be a default gateway, and what about DHCP? I haven't set any DHCP server up on that IP. Don't know if this info helps in any way. Kind regards, Carl
    Contributor
    January 13, 2006
    Here is some more info: This is the result of the debug console on the FortiGate. This result comes after I do a tracert from the client connection through VPN:
    2006-01-13 14:42:23 Comes EX.EX.EX.EX:500->GX.GX.GX.GX:500,ifindex=3, external, vf_id=0....
    2006-01-13 14:42:23 Exchange Mode = 5, Message id = 0xFEC228C6, Len = 92
    2006-01-13 14:42:23 ####### ISAKMP INFO ##########
    2006-01-13 14:42:23 Received Payloads= HASH Notif
    2006-01-13 14:42:23 ######### Receive Information Payload(Protected)#########
    2006-01-13 14:42:23 protocol_id=1, notify_msg=36136 (DPD_PROBE), ispi_size=16
    2006-01-13 14:42:23 spi= 72 d9 c2 b6 d8 bb 98 51 d8 a7 f6 96 48 0f fc 53
    2006-01-13 14:42:23 Msg= 00 00 00 05
    2006-01-13 14:42:23 Send IKE Packet(DPD probe):GX.GX.GX.GX:500(if3) -> EX.EX.EX.EX:500, len=92
    I have replaced my IP. GX is the IP of the external interface of the firewall, EX is the IP of the client trying to connect. Regards, Carl
    Contributor
    January 13, 2006
    Same issue for me... Does anyone have a solution? Please help us :)
    Contributor
    January 14, 2006
    Okay, so I finally solved the problem. I had created 2 address spaces on the firewall, one running from 192.168.2.1 with a netmask of 255.255.255.128, and another running from 192.168.2.128 with netmask 255.255.255.128. Using these IP address spaces presented a problem since the default gateway of the FortiGate's internal side is at 192.168.2.1. So changing the address spaces from 192.168.2.0/255.255.255.128 and 192.168.2.128/255.255.255.128 everywhere, both on the firewall and on the FortiClient, solved the problem. I just want to thank everybody who tried to help. Kind regards, Carl
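An added check, written for this thread and not taken from any of the posts or from Fortinet: it takes the LAN address object, the client virtual-IP pool and the internal gateway as they were quoted above (192.168.2.1/255.255.255.128, 192.168.2.128/255.255.255.128 and 192.168.2.1, the values being the thread's, the function and its wording being my own) and reports the addressing mistakes that turned out to matter here: an address object typed with host bits set instead of on its network boundary, a client pool overlapping the LAN, and a gateway that does not sit where the objects say it should.

```python
import ipaddress

def check_vpn_addressing(lan_object, client_pool, lan_gateway):
    """Sanity-check the address objects behind a dial-up IPsec policy.

    lan_object  : LAN address object as typed on the firewall, e.g. "192.168.2.1/255.255.255.128"
    client_pool : virtual-IP range handed to FortiClient users, e.g. "192.168.2.128/255.255.255.128"
    lan_gateway : the FortiGate's internal interface address, e.g. "192.168.2.1"
    Returns a list of human-readable findings; an empty list means the addressing is consistent.
    """
    findings = []
    nets = {}
    for label, text in (("LAN object", lan_object), ("client pool", client_pool)):
        try:
            # strict=True rejects "192.168.2.1/25": that is a host address with host bits
            # set, not a network, which is how the thread's address objects were entered
            nets[label] = ipaddress.ip_network(text, strict=True)
        except ValueError:
            canonical = ipaddress.ip_network(text, strict=False)
            findings.append(f"{label} {text} has host bits set; use {canonical.with_netmask}")
            nets[label] = canonical
    lan, pool = nets["LAN object"], nets["client pool"]
    gw = ipaddress.ip_address(lan_gateway)
    if lan.overlaps(pool):
        findings.append(f"client pool {pool} overlaps LAN {lan}; clients and LAN hosts will collide")
    if gw in pool:
        findings.append(f"internal gateway {gw} lies inside the client pool {pool}")
    if gw not in lan:
        findings.append(f"internal gateway {gw} is not inside the LAN object {lan}")
    return findings

if __name__ == "__main__":
    # values quoted in the thread: LAN object typed from .1, pool from .128, gateway at .1
    for f in check_vpn_addressing("192.168.2.1/255.255.255.128",
                                  "192.168.2.128/255.255.255.128", "192.168.2.1"):
        print("finding:", f)
    # corrected form: both objects written on their network boundaries
    print(check_vpn_addressing("192.168.2.0/255.255.255.128",
                               "192.168.2.128/255.255.255.128", "192.168.2.1"))
```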