Fortinet Forum
alihmp2005
New Contributor

Remote SSL VPN User cannot see other branches.

Hello Guys,

 

I have configured this network in my laboratory (please see the photo, Toplogy.png). I have two FortiGate 7.2 units, and both FortiGates are connected through a site-to-site VPN tunnel (which I created with the IPsec Wizard). I have also configured SSL VPN in tunnel mode, and my remote user is connected to FortiGate 1 with public IP 1.1.1.1. Now the problem is that the remote VPN user can only see Client 1 and cannot see Client 2. What can be the issue? Or do you have any training material for this topology?

Thanks in advance,

Ali 

vdralio
Staff
alihmp2005

Thank you so much. I found the problem: I didn't add the remote VPN IP range in the routing and policy. I added it and the problem was solved.

sw2090
Honored Contributor

Well, I would first check the routing table on the remote user client. It has to have a route to the subnet where FortiGate 2 and Client 2 are in. Or the default route has to have FortiGate 1 as gateway (which would mean that all of the remote user's internet traffic would go over the VPN and hit FortiGate 1. I would not recommend that).

That is because the routing table is the first thing that is looked at to find a way to the destination. And that way is either the default route (because it matches anything that is not matched by any other route) or a static/connected route.

Then FortiGate 1 also has to know a route to the FortiGate 2 subnet, plus it has to have a policy that allows traffic from the VPN to the FortiGate 2 subnet.

And last but not least, FortiGate 2 has to have a route back to your VPN and a policy to allow traffic to flow.


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
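
The checks listed in the answer above, walked in order over a simplified model of the three routing tables and two policy sets. This is an added example, not part of the original posts and not FortiOS code. The subnets, the SSL VPN address range and the interface names (`sslvpn`, `to-fgt2`, `to-fgt1`, `lan`, `wan`, `wifi`) are constructed for illustration; `ssl.root` stands for the SSL VPN tunnel interface on FortiGate 1.

```python
import ipaddress as ipa

def lookup(routes, dst):
    """Longest-prefix match over (prefix, out_interface) pairs."""
    hits = [(ipa.ip_network(p), dev) for p, dev in routes
            if ipa.ip_address(dst) in ipa.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def permitted(policies, in_if, out_if, src, dst):
    """True if a (srcintf, dstintf, srcnet, dstnet) policy matches the flow."""
    return any(pi == in_if and po == out_if
               and ipa.ip_address(src) in ipa.ip_network(ps)
               and ipa.ip_address(dst) in ipa.ip_network(pd)
               for pi, po, ps, pd in policies)

def check_path(client_routes, fgt1, fgt2, src, dst):
    """Run the checks from the answer in order; return what is missing."""
    missing = []
    if lookup(client_routes, dst) != "sslvpn":
        missing.append("client: route to remote subnet via VPN")
    if lookup(fgt1["routes"], dst) != "to-fgt2":
        missing.append("fgt1: route to remote subnet via IPsec")
    if not permitted(fgt1["policies"], "ssl.root", "to-fgt2", src, dst):
        missing.append("fgt1: policy ssl.root -> to-fgt2")
    if lookup(fgt2["routes"], src) != "to-fgt1":
        missing.append("fgt2: return route to SSL VPN range")
    if not permitted(fgt2["policies"], "to-fgt1", "lan", src, dst):
        missing.append("fgt2: policy to-fgt1 -> lan for SSL VPN range")
    return missing

# Constructed lab data (assumed addressing, not taken from the thread)
VPN, LAN1, LAN2 = "10.212.134.0/24", "192.168.1.0/24", "192.168.2.0/24"
SRC, DST = "10.212.134.200", "192.168.2.10"   # remote user -> Client 2
BROKEN = dict(
    client_routes=[("0.0.0.0/0", "wifi"), (LAN1, "sslvpn")],
    fgt1={"routes": [(LAN1, "lan"), (LAN2, "to-fgt2"), ("0.0.0.0/0", "wan")],
          "policies": [("ssl.root", "lan", VPN, LAN1), ("lan", "to-fgt2", LAN1, LAN2)]},
    fgt2={"routes": [(LAN2, "lan"), (LAN1, "to-fgt1"), ("0.0.0.0/0", "wan")],
          "policies": [("to-fgt1", "lan", LAN1, LAN2)]})
FIXED = dict(
    client_routes=BROKEN["client_routes"] + [(LAN2, "sslvpn")],
    fgt1={"routes": BROKEN["fgt1"]["routes"],
          "policies": BROKEN["fgt1"]["policies"] + [("ssl.root", "to-fgt2", VPN, LAN2)]},
    fgt2={"routes": BROKEN["fgt2"]["routes"] + [(VPN, "to-fgt1")],
          "policies": BROKEN["fgt2"]["policies"] + [("to-fgt1", "lan", VPN, LAN2)]})

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_path(**cfg, src=SRC, dst=DST))
```

The model covers routing and policy only; it does not represent the IPsec tunnel's own traffic selectors or any NAT.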