capricorn80
New Contributor II

L2TP on FortiGate 5.6 with Split Tunneling

Hi!

 

I configured my L2TP with the link below and it's working fine.

https://cookbook.fortinet.com/ipsec-vpn-windows-phone-10-54/

It created two rules automatically. One with traffic going to internal, and strangely it uses NAT enabled in this case.

The second rule it created is for the L2TP interface to the Internet, without NAT and only L2TP. Maybe it's some default thing, but I changed it to enable NAT and I think also changed its service from L2TP to all, and I can browse, but I want that traffic to go direct rather than via the firewall.

So kind of Split Tunneling for SSL VPN. How can I achieve that?

 

Thanks

 

bombadil
New Contributor

Same problem. I thank those who can give us a tip.

This is my route table while L2TP is up: (10.100.20.2)

 

0.0.0.0          0.0.0.0    192.168.0.254    192.168.0.103   4250
0.0.0.0          0.0.0.0         On-link       10.100.20.2     26

 

I have a rule to permit the l2tp network to wan, without solution :(

dmilagros_FTNT

Hey guys, to get the split tunneling feature there is no way to configure it from the FortiGate side like on VPN SSL. The way to get it is directly on the Windows client. You have to go to the VPN connection adapter in Control Panel\Network and Internet\Network Connections\VPN_name > Right Click > Properties > Networking > Internet Protocol Version 4 (TCP/IPv4) > Properties > Advanced ... > Uncheck (Use default gateway on remote network)

Hope this is helpful!!!
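
The client-side change described in the reply above can also be made from PowerShell. This is an added example, not part of the original post; the connection name `VPN_name` is taken from the reply, the internal prefix is a placeholder, and the check assumes the VPN interface alias equals the connection name.

```powershell
# Added example. Values below are assumptions; replace them with your own.
$VpnName        = 'VPN_name'       # connection name as shown in Network Connections
$InternalPrefix = '192.0.2.0/24'   # placeholder for the network behind the FortiGate

# Equivalent of unchecking "Use default gateway on remote network".
Set-VpnConnection -Name $VpnName -SplitTunneling $true -PassThru |
    Select-Object Name, TunnelType, SplitTunneling

# Without the VPN default route, the internal network needs its own route.
# This route is installed each time the connection comes up.
Add-VpnConnectionRoute -ConnectionName $VpnName -DestinationPrefix $InternalPrefix -PassThru

# Run after reconnecting: list every IPv4 default route with its effective
# metric (route metric + interface metric) and flag any that uses the VPN.
function Get-DefaultRouteReport {
    param([string]$VpnInterfaceAlias)

    Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $if = Get-NetIPInterface -InterfaceIndex $_.ifIndex -AddressFamily IPv4
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                NextHop   = $_.NextHop
                Metric    = $_.RouteMetric + $if.InterfaceMetric
                ViaVpn    = ($_.InterfaceAlias -eq $VpnInterfaceAlias)
            }
        } | Sort-Object Metric
}

$report = Get-DefaultRouteReport -VpnInterfaceAlias $VpnName
$report | Format-Table -AutoSize

if ($report | Where-Object ViaVpn) {
    Write-Warning "A default route still points at '$VpnName'; split tunneling is not in effect."
} else {
    Write-Output "No default route via '$VpnName'; only $InternalPrefix is sent through the tunnel."
}
```

The setting takes effect at the next connect. From then on only the listed prefix reaches the FortiGate, so its firewall policies no longer see the client's Internet traffic.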

OneOfUs
New Contributor III

https://kb.fortinet.com/kb/viewContent.do?externalId=FD36253

 

config vpn ipsec phase1-interface
    edit "Dialup_IPsec"
        set ipv4-split-include "Internal_Network"     /* Local protected network that the remote dial-up IPsec clients reach */

 

If you haven't come across the above article, it may contain your solution.

BlakeR
New Contributor

The suggested document only works for IPsec, not L2TP. 
