I set a native Windows remote access vpn using the wizard, i choose a range of IP addresses to be assigned for the remote access clients (I kept the subnet as /32) the range i chose is not from my LAN range, vpn worked users can connect and they receive ip from the range, but they cannot access the local resources ,for instance i cannot ping the internal ip addresses after login, do i need to set a static route manually or do anything else ? thanks.
Thank you all for your replies, unfortunately i tried to delete and re create, and i got another error, it was phase 1 error, even though i just re used the wizard but i got ipsec phase 1 negotiation failed, i restored an old backup to make sure there is no conflicts, i guess it is an ISP problem as i can see different IP on fortigate VPN log differ from the computer which i try to remote access from, anyway i used SSL VPN and it fulfilled my needs.
But i think IPSec VPN wizard need to some enhancements on future versions.
generally IPSec debuggig and logging imho needs some enhancement :)
But that's a general ipsec issue not fortinet specific :)
even if you use a part of your subnet for the vpn clients like you wrote - the traffic will still use different interfaces! Traffic from/to vpn client uses the vpn interface and traffic from/to your other clients in the subnet uses the interface the subnet is on. So to be able to access other clients from out of your vpn you will need some policy :)
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams