FortiGate firewall: 60D - WiFi
Firmware Version: v5.2.3,build670 (GA)
Operation Mode: NAT
IPsec VPN Client DHCP range: 192.168.60.10-192.168.60.20
VPN can only access the NAS, IP: 192.168.10.70
Symptom
When the client has established the VPN connection and tries a traceroute to 192.168.10.70, the first hop is ALWAYS the IP address of the FortiGate's DMZ interface, even though I have the FortiGate's DMZ interface administratively down.
When I change the DMZ IP and traceroute again, the first hop IP changes accordingly.
When I change the DMZ IP to 0.0.0.0/0.0.0.0, the first hop IP changes to the WAN-1 IP (external IP for Internet).
Why is the first hop not the gateway IP address? How can I fix this problem?
thanks
Ringo