rishab444
Staff
Article Id 387884
Description This article describes the behavior where the gateway for routes pushed by the split tunnel configuration shows as the next IP in the IPsec VPN Client Range.
Scope FortiOS.
Solution
  • This is expected behavior. By default, the IPsec connection does not push a default gateway to the Virtual Ethernet Adapter on the End User machine unless mode-config and DHCP are being used.

 

Ethernet adapter Ethernet 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Fortinet Virtual Ethernet Adapter (NDIS 6.30)
Physical Address. . . . . . . . . : 00-09-0F-FE-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c56d:1f61:4835:5f7e%19(Preferred)
IPv4 Address. . . . . . . . . . . : 10.99.91.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Lease Obtained. . . . . . . . . . : Monday, April 14, 2025 8:15:41 PM
Lease Expires . . . . . . . . . . : Friday, May 22, 2161 2:44:51 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.99.91.2
DHCPv6 IAID . . . . . . . . . . . : 318769423
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-87-3D-66-00-41-72-74-2E-01
DNS Servers . . . . . . . . . . . : 192.168.113.192
96.45.46.46
NetBIOS over Tcpip. . . . . . . . : Enabled

 

  • Installing the routes learned via split tunnel into the routing table requires a gateway. The DHCP Server IP (the next available IP from the IPsec VPN Client Range) is used as that gateway to forward traffic destined to these networks towards the tunnel.

     

C:\Users\Fortinet>route print
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.99 192.168.1.125 15
0.0.0.0 0.0.0.0 192.49.9.1 192.49.9.5 15
10.0.0.0 255.0.0.0 10.99.91.2 10.99.91.1 1       <----------
10.9.16.104 255.255.255.255 192.168.1.99 192.168.1.125 15
10.99.91.2 255.255.255.255 On-link 10.99.91.2 257
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.49.9.0 255.255.255.0 On-link 192.49.9.5 271
192.49.9.5 255.255.255.255 On-link 192.49.9.5 271
192.49.9.255 255.255.255.255 On-link 192.49.9.5 271
192.168.1.0 255.255.255.0 On-link 192.168.1.125 271
192.168.1.125 255.255.255.255 On-link 192.168.1.125 271
192.168.1.255 255.255.255.255 On-link 192.168.1.125 271
192.168.241.1 255.255.255.255 192.49.9.1 192.49.9.5 15
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.99.91.2 257
224.0.0.0 240.0.0.0 On-link 192.168.1.125 271
224.0.0.0 240.0.0.0 On-link 192.49.9.5 271
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.99.91.2 257
255.255.255.255 255.255.255.255 On-link 192.168.1.125 271
255.255.255.255 255.255.255.255 On-link 192.49.9.5 271
===========================================================================
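
The behavior above can be checked on an endpoint by comparing the two outputs. The following Python sketch is an added example, not Fortinet code and not part of the original article: it reads `ipconfig /all` and `route print` text, finds the Fortinet virtual adapter's DHCP Server IP, and lists the routes that use it as gateway, reporting whether a default route (full tunnel) is among them. The function names are hypothetical and the sample input is constructed from the outputs shown in this article.

```python
import ipaddress
import re

# Constructed sample input, trimmed from the command output shown in this article.
IPCONFIG = """\
Ethernet adapter Ethernet 6:
   Description . . . . . . . . . . . : Fortinet Virtual Ethernet Adapter (NDIS 6.30)
   IPv4 Address. . . . . . . . . . . : 10.99.91.1(Preferred)
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.99.91.2
"""
ROUTES = """\
0.0.0.0 0.0.0.0 192.168.1.99 192.168.1.125 15
10.0.0.0 255.0.0.0 10.99.91.2 10.99.91.1 1
10.99.91.2 255.255.255.255 On-link 10.99.91.2 257
"""

def tunnel_adapter(ipconfig_text):
    """Return (client_ip, dhcp_server) for the Fortinet virtual adapter, or None."""
    for block in re.split(r"\n(?=\S)", ipconfig_text):  # one block per adapter
        if "Fortinet Virtual Ethernet Adapter" not in block:
            continue
        ip = re.search(r"IPv4 Address[ .]*: ([\d.]+)", block)
        dhcp = re.search(r"DHCP Server[ .]*: ([\d.]+)", block)
        if ip and dhcp:
            return ip.group(1), dhcp.group(1)
    return None

def routes_via(route_text, gateway):
    """Return (networks whose Gateway column equals `gateway`, default_route_seen)."""
    nets, default_seen = [], False
    for line in route_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != gateway:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:  # header text or malformed row
            continue
        nets.append(str(net))
        default_seen = default_seen or net.prefixlen == 0
    return nets, default_seen

def check(ipconfig_text, route_text):
    """Summarize which routes point at the tunnel's DHCP Server IP."""
    adapter = tunnel_adapter(ipconfig_text)
    if adapter is None:
        return None
    nets, full = routes_via(route_text, adapter[1])
    return {"client_ip": adapter[0], "gateway": adapter[1],
            "tunnel_routes": nets, "full_tunnel": full}
```

With the sample input, only `10.0.0.0/8` is routed through `10.99.91.2`, and `full_tunnel` is false because the default routes still point at the local gateways.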
