Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TheUnhealthyComputer
New Contributor

Created on ‎11-01-2017 12:33 PM

Can't Access VPN Tunnels Via FortiGate Client IPsec VPN

Hi Guys,

 

I recently setup a client IPsec VPN on my FortiGate 80D running firmware v5.0, but it doesn't seem to be working properly. My goal is to access two VPN tunnels via the client VPN. Unfortunately, when I connect to the client VPN I'm unable to access anything over the two VPN tunnels. While connected to the Client VPN, I have no issues accessing the Internet.

 

Here's some information that might be useful

[ul]
  • The FortiGate is running on the 10.100.100.0/24 subnet.
  • The Client VPN is running on the 10.100.32.0/24 subnet.
  • An address entry was created on the FortiGate for the 10.100.32.0/24 subnet under the name "Client VPN".
  • A static route was created on the FortiGate for the Client VPN.
  • Two separate policy rules were setup on the FortiGate, each allowing access to a VPN Tunnel (see screenshot below).[/ul]

    Here's a screenshot of my policy setup

     

     

    I was hoping to find some useful information about this issue on Google, but the only thing I could find was people asking how to access VPN tunnels trough a SSL VPN, not an IPsec VPN. If anyone could guide me in the right direction, I would very much appreciate it .

     

    Thank You!

    • Preview file
    84 KB
    Labels:
    9259
    0 Kudos
    3 REPLIES 3
    Toshi_Esumi
    SuperUser
    SuperUser

    Created on ‎11-02-2017 09:51 AM

    Please explain a little more about your environment. Did you mean "FortiClient on PC/Mac,etc." by Client VPN? Or the client is a router/FW device and setting up "dialup" vpn?

    3369
    0 Kudos
    brycemd
    Contributor II
    In response to Toshi_Esumi

    Created on ‎11-02-2017 01:58 PM

    Did you add the client VPN subnet to the phase 2 on the site to sites?

    3369
    0 Kudos
    ipbloke
    New Contributor

    Created on ‎11-03-2017 06:30 PM

    Hi There,

     

    I have not tried this myself though if I am reading your post correctly then are you saying that the following is occurring ?

     

    VPN Client ---> FW ---> Internal Network ------------------ Works correctly (You can access internal networks)

    Internal Networks ---> FW ---> VPN Client ----------------- Does not work. (You can't access remote clients)

     

    I struggled setting up my IPSEC VPN initially for remote access though I found the following link was useful:

     

    http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-ipsecvpn/Phase_2/Basic_Phase2_Setting...

     

    Basically there is a statement at the bottom which says:

     

    The workaround is to use multiple Phase 2s. If the configuration is FGT <-> FGT, then the better alternative is to just use 0.0.0.0 <-> 0.0.0.0 and use the firewall policy for enforcement.

     

    I found that setting this in the Phase 2 selectors section  of my IPSEC Tunnel config made it easier to control access via standard FW policy.

     

    I can't speak with authority on this and I am sure their will be loads of others who have done what you are trying to do though its worth ensuring this is set up correctly.

     

    Fingers crossed for you & apologies if this not the answer !

     

    Matt

     

     

    3369
    0 Kudos
    Announcements
    Check out our Community Chatter Blog! Click here to get involved
    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2025 Fortinet, Inc. All Rights Reserved.