c_n_s
New Member
April 30, 2025
Solved

VPN to different internal VLAN

Hello!

I have a Windows server, acting as a Windows RRAS VPN server, connected to the FortiGate's "internal" interface. No one on the same network is able to connect to the VPN, which is to be expected. Everyone outside the office can connect to the VPN with no problems.

The same firewall also has a guest VLAN, which has no access to the internal network; it only has one policy, to connect to the internet, and I'm trying to make the VPN work for computers on that VLAN. The computers are able to connect to the server, Windows asks for credentials, and then it drops.

I've tried policies, Virtual IPs, and port forwarding, but can't get it to work.

Any help is much appreciated!

Thank you!

Best answer by funkylicious

1 reply

funkylicious
SuperUser
April 30, 2025

hi,

wouldn't it be simpler to just grant access to whatever LAN resources you want, rather than connecting to the VPN while already there?

as for what you want to achieve, it could/should work directly using the private IP of the RAS server. just make the appropriate firewall policy for the traffic (guest > internal), opening the ports that your VPN would need.

"jack of all trades, master of none"
c_n_s
Author
New Member
May 8, 2025

Hello!

Turns out the connection wasn't going through because I had another third-party VPN connected. That VPN was set to continue running in the background with the application closed and I didn't notice that before.

In the end I didn't have to change the firewall configuration.

I'm marking your answer as a solution because of the idea to use the internal IP address of the server, which was what made me find out the other VPN was still connected.

Thank you very much for your help!