FortiGate
ekrishnan
Staff
Article Id 259736
Description: This article describes the Accessible Network field when using Dialup IPsec split tunneling.
Scope: FortiGate, Dialup VPN.
Solution

The Dialup connection is configured as per requirement:

Example:

[Figure: Dialup IPsec tunnel configuration, showing the 'Accessible Networks' field set to the address object 'test_split']

A common issue that gets missed when setting up the Dialup tunnel is the address range used when split tunneling is enabled on the Dialup configuration. The address object specified there ('test_split' in the figure above) holds the servers or destinations that users connecting with FortiClient are allowed to reach through the tunnel.

- In most cases, the IP subnet of the FortiClient address range is omitted from this object.

Example:

The FortiClient IP address range is 10.10.2.1-10.10.2.200, so every user who connects to the dialup tunnel is assigned an IP from this range.

- The Accessible Network field, as shown in the diagram, defines which destinations are allowed through the tunnel.

Example:

10.45.3.0/24 is defined in the 'test_split' address object.

- Now, when a user on PC1 (IP 10.10.2.2) and a user on PC2 (IP 10.10.2.3) try to ping each other, the connection fails or the request times out.

- This happens because the FortiClient IP range is not part of the address object selected in 'Accessible Networks' on the Dialup configuration, so client-to-client traffic is not sent into the tunnel.

- Create an address group that includes every destination the PCs connecting to the Dialup tunnel need to reach. In this case the FortiClient address range itself must also be a member, and that group must be selected in 'Accessible Networks', so that PC1 can reach PC2 (both connected through FortiClient).

- Ensure NAT is not enabled on the relevant firewall policy of this connection.
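As an added illustration (not from the article), the following Python script parses a constructed FortiOS-style configuration and reports the part of the FortiClient address pool that the tunnel's split-include object does not cover, plus any policy from the tunnel interface back to itself with NAT enabled. The object names ('test_split', 'forticlient_range', 'split_grp'), the tunnel name 'Dialup', the policy ID and the address values are constructed for the example; the CLI keys follow FortiOS naming (ipv4-split-include, ipv4-start-ip, ipv4-end-ip, type iprange) but the snippet is not a real device export. The broken configuration reproduces the article's scenario; the fixed one selects the group that also contains the client pool and disables NAT.

```python
import ipaddress
import shlex
# Constructed FortiOS-style snippet (written for this example, not from the article)
# reproducing its scenario: the split-include object lacks the FortiClient pool.
BROKEN_CONFIG = """
config firewall address
    edit "test_split"
        set subnet 10.45.3.0 255.255.255.0
    next
    edit "forticlient_range"
        set type iprange
        set start-ip 10.10.2.1
        set end-ip 10.10.2.200
    next
end
config firewall addrgrp
    edit "split_grp"
        set member "test_split" "forticlient_range"
    next
end
config vpn ipsec phase1-interface
    edit "Dialup"
        set ipv4-start-ip 10.10.2.1
        set ipv4-end-ip 10.10.2.200
        set ipv4-split-include "test_split"
    next
end
config firewall policy
    edit 10
        set srcintf "Dialup"
        set dstintf "Dialup"
        set nat enable
    next
end
"""
# Corrected version: the group that also holds the client pool is used and NAT is off.
FIXED_CONFIG = (BROKEN_CONFIG
                .replace('set ipv4-split-include "test_split"',
                         'set ipv4-split-include "split_grp"')
                .replace("set nat enable", "set nat disable"))

def parse_fortios(text):
    """Minimal parser: {section: {edit name: {key: [values]}}}."""
    tree, section, edit = {}, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            section = tree.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit":
            edit = section.setdefault(tok[1], {})
        elif tok[0] == "set":
            edit[tok[1]] = tok[2:]
    return tree

def expand(name, addrs, groups):
    """Resolve an address object or group into [(first, last)] integer ranges."""
    if name in groups:  # recurse into group members
        return [r for m in groups[name].get("member", []) for r in expand(m, addrs, groups)]
    obj = addrs[name]
    if obj.get("type", ["ipmask"])[0] == "iprange":
        return [(int(ipaddress.ip_address(obj["start-ip"][0])),
                 int(ipaddress.ip_address(obj["end-ip"][0])))]
    net = ipaddress.ip_network("/".join(obj["subnet"]), strict=False)
    return [(int(net[0]), int(net[-1]))]

def uncovered(pool, ranges):
    """Sub-ranges of pool=(lo, hi) that no (lo, hi) in ranges covers."""
    cur, hi, gaps = pool[0], pool[1], []
    for rlo, rhi in sorted(ranges):
        if rhi < cur or rlo > hi:
            continue
        if rlo > cur:
            gaps.append((cur, rlo - 1))
        cur = max(cur, rhi + 1)
    if cur <= hi:
        gaps.append((cur, hi))
    return gaps

def check_split_tunnel(config_text, tunnel):
    """Client-pool addresses that the tunnel's split-include objects do not cover."""
    cfg = parse_fortios(config_text)
    p1 = cfg["vpn ipsec phase1-interface"][tunnel]
    pool = (int(ipaddress.ip_address(p1["ipv4-start-ip"][0])),
            int(ipaddress.ip_address(p1["ipv4-end-ip"][0])))
    ranges = [r for name in p1.get("ipv4-split-include", [])
              for r in expand(name, cfg.get("firewall address", {}),
                              cfg.get("firewall addrgrp", {}))]
    return [f"{ipaddress.ip_address(a)}-{ipaddress.ip_address(b)}"
            for a, b in uncovered(pool, ranges)]

def nat_policies(config_text, tunnel):
    """IDs of policies from the tunnel interface back to itself with NAT enabled."""
    pols = parse_fortios(config_text).get("firewall policy", {})
    return [pid for pid, pol in pols.items() if pol.get("nat") == ["enable"]
            and tunnel in pol.get("srcintf", []) and tunnel in pol.get("dstintf", [])]

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, check_split_tunnel(cfg, "Dialup"), nat_policies(cfg, "Dialup"))
```

On the broken configuration the script reports the whole pool 10.10.2.1-10.10.2.200 as missing from the split-include object and flags policy 10 for NAT; on the fixed configuration both lists are empty. The gap computation works on integer ranges so that an address group built from a mix of subnet and iprange objects is checked as a whole.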
