
Created on ‎06-25-2007 02:35 PM
SSL VPN+no default gateway or routing info?
To all:
I'm sure I am missing something really stupid, but surfing around this forum, the knowledge base, and the SSL VPN User Guide didn't provide me with any info.
I am working on setting up an SSL VPN using a Fortigate 500 with firmware version: Fortigate-500 3.00,build0319,060724.
I am able to authenticate a client using a local user and I am getting an IP address from the reserved IPs in tunnel mode, but I cannot communicate from there.
ipconfig is showing an IP of 172.31.1.10/32 with a default gateway of 172.31.1.10.
I assume that I need to configure a virtual interface somewhere and assign that as the default gateway for those reservations, but I can't figure out where.
Thanks in advance.

Created on ‎06-25-2007 11:58 PM
You don't have to add the IP GW of your VPN adapter. You should just add the policy route from the source IP of your SSL networks (incoming) to the internal network (outgoing).
And check your policy too, it should be internet(WAN) > internal (LAN) and ACTION > SSLVPN.
regards,
ata

Created on ‎06-27-2007 10:03 AM
Double and triple checked that I was working from WAN to LAN with action SSLVPN and still no luck.
Start with 'all' > 'all', service 'any' and narrow it down from there. If that doesn't work, make sure your connection is really up.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
"Start with 'all' > 'all',"

Hello,
I believe that we found here in the lab a mini-issue with setting the destination to 'all' in an ssl-vpn policy. If I set "all" as the destination in that policy (I have ssl tunnel splitting allowed), I receive an error message saying: "Destination address of split tunneling policy is invalid"
Solution: restrict the destination address to subnets, etc. for the ssl-vpn policy (or disable split tunneling altogether).
That error message doesn't sound irrational, but, just for forum info (MR4, build 480 in a 200A box).
regards
/ Abel
Ah, it would be nice to have a lab. Hey, I'll take a couple of old boxes lying around...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
