ViduraP
New Contributor

Can't connect to site-to-site VPN network when connected from IPSec remote client VPN

Hi,

Firewall: FortiGate 200D

We have a site-to-site IPsec VPN between our head office and remote office, and the site-to-site works fine.

We also have an IPsec client VPN. When users connect from the client VPN to the head office, they are able to access the head office network without any issues. But they cannot access the remote office network via the client VPN.

I have put a policy route from the client VPN to the remote office side and from the remote office side to the client VPN, allowing all traffic as well.

But still it's not working. Some help would be highly appreciated.

Thanks in advance.

rwpatterson
Valued Contributor III

Make sure that the IP subnet that the dialup users have on the FGT are allowed through the IPSec tunnel. If they are not included in the P2 selectors, you can create an IP pool with a spare IP address that is allowed through and use that in the policy from the dialup VPN to the remote site IPSec tunnel.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

JakubP

You need to add a policy VPN -> WAN for dial-up VPN users with IPsec action.

If you use subnet restriction in FortiClient, you must add the subnet for the branch office.
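The two fixes Bob describes (extra phase 2 selector, or a spare-address IP pool on the dial-up-to-tunnel policy) plus JakubP's split-tunnel point, written out as an added FortiOS CLI example; this is not configuration from any of the posters, and every interface, address-object and pool name, as well as the 10.212.134.0/24, 192.168.14.0/24 and 192.168.10.250 addresses, is an assumption for illustration.

```fortios
# Split-tunnel dial-up: the branch LAN must be in the address group pushed
# to FortiClient (phase 1 "dialup-vpn" and group "dialup-split-nets" assumed).
config vpn ipsec phase1-interface
    edit "dialup-vpn"
        set ipv4-split-include "dialup-split-nets"
    next
end

# Option 1: add the dial-up client subnet to the site-to-site phase 2 selectors
# (assumed: 10.212.134.0/24 clients, 192.168.14.0/24 branch LAN, phase 1
# "site2site-vpn"); the branch FortiGate needs the mirror-image selector.
config vpn ipsec phase2-interface
    edit "site2site-p2-dialup"
        set phase1name "site2site-vpn"
        set src-subnet 10.212.134.0 255.255.255.0
        set dst-subnet 192.168.14.0 255.255.255.0
    next
end

# Option 2: keep the selectors as they are and source-NAT dial-up traffic to
# one spare head-office address already covered by them (assumed 192.168.10.250).
config firewall ippool
    edit "dialup-to-branch-snat"
        set type overload
        set startip 192.168.10.250
        set endip 192.168.10.250
    next
end

# Policy from the dial-up tunnel interface to the site-to-site tunnel interface.
# Address objects "dialup-clients" and "branch-lan" are assumed; drop the
# three NAT lines if Option 1 is used instead.
config firewall policy
    edit 0
        set name "dialup-to-branch"
        set srcintf "dialup-vpn"
        set dstintf "site2site-vpn"
        set srcaddr "dialup-clients"
        set dstaddr "branch-lan"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "dialup-to-branch-snat"
    next
end
```

With Option 2 the branch FortiGate only ever sees 192.168.10.250 as the source, so its existing policy for the head-office LAN covers the return path; with Option 1 it also needs a route and policy for 10.212.134.0/24.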

OnemoreDK

Hello everyone.

I am having the exact same issue. Here is my setup:

Site A (192.168.10.0/24)

Site B (192.168.14.0/24)

Both sites on FortiGate 60D, with Site A on firmware 5.4.1 and Site B on 5.2.9. Both sites connected via IPsec site-to-site and everything works as it should.

Users on Site A connect remotely via dial-up IPsec FortiClient, pulling an IP from the same subnet, and they can access resources on Site A, such as drive mappings and network files, with no problem. If they try to connect to any drives or file shares on Site B or use RDP, they get an error. I've been researching this for a bit now and this thread is the closest I've come.

Do I need to create another phase 2 for the dial-up VPN tunnel to point to the other subnet? Currently the VPN is configured via the Wizard. Should I change it to custom and add a second P2? The dial-up IPsec VPN is set up as split tunnel as well.
