Created on 12-15-2024 10:40 PM
Edited on 06-21-2025 01:19 PM
By Jean-Philippe_P
Description | This article describes how to access local LAN resources when connected to an IPsec dial-up full tunnel, for cases where enabling split-tunneling is not allowed. |
Scope | FortiGate, FortiClient. |
Solution |
In this example, an IPsec Dial Up Full tunnel (DHCP over IPsec) is configured.
Related article: Technical Tip: IPsec dial-up full tunnel with FortiClient
The local PC <10.190.3.113> can ping other local resources inside the same subnet. In this instance, the gateway <10.190.1.193> is reachable.
However, once connected to the IPsec Dial-Up VPN, the IP 10.190.1.193 is unreachable.
To resolve this without enabling split-tunneling, select 'Enable Local LAN' under the Phase 1 settings in FortiClient.
Once enabled, the local resources should be reachable while connected to the IPsec VPN.
Additional Scenario: Windows clients are unable to access internal resources.
Another scenario may occur where both macOS and Windows users can successfully connect using FortiClient, but only the Windows clients are unable to access or ping internal network resources. If this happens, try disabling, saving, and then re-enabling NAT Traversal in both the Dial-Up VPN configuration on the FortiGate and the FortiClient application.
This applies only to Windows clients. NAT Traversal is not available as a configurable option in FortiClient for macOS.
|
Copyright 2025 Fortinet, Inc. All Rights Reserved.