Fortinet Forum
XP_2600
New Contributor II

Remote access VPN

I set up a native Windows remote access VPN using the wizard. I chose a range of IP addresses to be assigned to the remote access clients (I kept the subnet as /32); the range I chose is not from my LAN range. The VPN worked: users can connect and they receive an IP from the range, but they cannot access the local resources. For instance, I cannot ping the internal IP addresses after login. Do I need to set a static route manually or do anything else? Thanks.

akristof
Staff

Hello,


Thank you for your question. Yes, verify how the routing table on your device looks. You can also check this KB:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-tunneling-on-L2TP-IPSEC-VPN-between/...

Adrian
lopezmason


@akristof wrote:

Hello,


Thank you for your question. Yes, verify how the routing-table on your device looks. You can also check this kb:
 https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-tunneling-on-L2TP-IPSEC-VPN-between...
we become what we behold


That's a good idea

XP_2600
New Contributor II

Thank you all for your replies. Unfortunately I tried to delete and re-create it, and I got another error: it was a phase 1 error. Even though I just reused the wizard, I got "IPsec phase 1 negotiation failed". I restored an old backup to make sure there are no conflicts. I guess it is an ISP problem, as I can see a different IP in the FortiGate VPN log from the computer which I try to remote access from. Anyway, I used SSL VPN and it fulfilled my needs.

But I think the IPSec VPN wizard needs some enhancements in future versions.

sw2090
Honored Contributor

generally IPSec debugging and logging imho needs some enhancement :)

But that's a general IPSec issue, not Fortinet specific :)


However,


even if you use a part of your subnet for the VPN clients like you wrote, the traffic will still use different interfaces! Traffic from/to a VPN client uses the VPN interface and traffic from/to your other clients in the subnet uses the interface the subnet is on. So to be able to access other clients from your VPN you will need a policy :)

 


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
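The two pieces the replies above point at, the return route for the client pool and a firewall policy from the tunnel interface to the LAN, as an added FortiOS CLI example that is not from this thread. It assumes the wizard's tunnel interface is named "RemoteAccess", the LAN is 192.168.1.0/24 on "internal", and the client pool is 10.212.134.0/24; all of these names and addresses are constructed and must be replaced with your own.

```fortios
# Added example, not from the thread. Assumed names: the wizard's IPsec
# tunnel interface is "RemoteAccess", the LAN sits on "internal" as
# 192.168.1.0/24, and the client pool is 10.212.134.0/24 (all constructed).

# 1. Address objects for the client pool and the LAN it should reach.
config firewall address
    edit "RemoteAccess_pool"
        set subnet 10.212.134.0 255.255.255.0
    next
    edit "LAN_subnet"
        set subnet 192.168.1.0 255.255.255.0
    next
end

# 2. Return route: replies to the client pool must leave via the tunnel
#    interface, not the LAN interface. Check what is there first with
#    "get router info routing-table all".
config router static
    edit 0
        set dst 10.212.134.0 255.255.255.0
        set device "RemoteAccess"
    next
end

# 3. Firewall policy from the tunnel interface to the LAN, scoped to the
#    two address objects and to the services actually needed rather than
#    "all" to "all"; logging on so blocked traffic shows in the forward log.
config firewall policy
    edit 0
        set name "RemoteAccess-to-LAN"
        set srcintf "RemoteAccess"
        set dstintf "internal"
        set srcaddr "RemoteAccess_pool"
        set dstaddr "LAN_subnet"
        set action accept
        set schedule "always"
        set service "PING" "HTTPS" "SMB"
        set logtraffic all
    next
end

# 4. Verify from the FortiGate while a client pings a LAN host: packets
#    should appear inbound on "RemoteAccess" and outbound on "internal".
# diagnose sniffer packet any "icmp and host 192.168.1.10" 4
```

If the ping is seen arriving on the tunnel interface but never leaves "internal", the policy is the gap; if the reply leaves "internal" but never reaches the client, the return route is.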