it_nvluong
New Member
December 20, 2019
Question

VPN-SSL Can't access destination connected over MPLS Line

  • December 20, 2019
  • 1 reply
  • 6564 views

Hi, All,

I have one issue and don't know how to resolve it.

Our network diagram is:

Factory1 in US, Factory2 in SINGAPORE

Factory1 connects to Factory2 by an MPLS line, and it becomes a local LAN.

Now, at Factory1, I use a Fortinet 501E firewall, Ver 6.0.

I created a VPN-SSL for remote clients to use.

The problem is that when clients connect to the VPN, they can't ping Factory2.

Can anyone help me and give me some suggestions?

Thanks,

    1 reply

    Toshi_Esumi
    SuperUser
    December 20, 2019

    I think you attached a wrong diagram. It is between Hong Kong and Vietnam, including Cisco ASA, 88x, Meraki MX, etc., but no FortiGate.

    Anyway, most likely your problem is that the SSL VPN client subnet is not routed via MPLS. Likely the FW or router at Factory2 doesn't have a route for the client subnet. Check what you configured for the SSL VPN and put the static route (assuming you are not using a routing protocol) on the router toward the MPLS interface.

    it_nvluong
    New Member
    December 20, 2019

    Hi,

    Thanks for your reply.

    Actually, the subnet used for the VPN SSL is routed in MPLS, and the problem is:

    When a client connects to the VPN at Factory1 and runs tracert to an IP at Factory2, the routing shows that the packet goes through to the MPLS router at Factory2 and is dropped there, and can't reach the destination IP in the Factory2 LAN.

    And I tested assigning this subnet in the local LAN at Factory1, and it can ping Factory2. It means the routing between the 2 MPLS routers is OK. it only.

    I would like to send the new diagram and routing.

    it_nvluong
    New Member
    December 20, 2019

    Update New diagram