Hi,
Firewall: FortiGate 200D
We have a site to site IPSEC VPN between our head office and remote office. And the site-to-site works fine.
We also have an IPSEC client VPN. When users connect from the client VPN to the head office, they are able to access the head office network without any issues. But they cannot access the remote office network via the client VPN.
I have put a policy route from Client VPN to the remote office side and from remote office side to Client VPN allowing all traffic as well.
But it's still not working. Some help would be highly appreciated.
Thanks in advance.
Make sure that the IP subnet that the dialup users have on the FGT is allowed through the IPSec tunnel. If it is not included in the P2 selectors, you can create an IP pool with a spare IP address that is allowed through and use that in the policy from the dialup VPN to the remote site IPSec tunnel.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
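The selector check described in the reply above, as an added example that is not part of the original post: it tests whether dial-up traffic to the remote LAN matches a phase 2 selector on the site-to-site tunnel, either directly or after source NAT to a spare address from an IP pool. All addresses and function names are constructed for illustration.

```python
from ipaddress import ip_network

def covered(selector, src, dst):
    """True if src and dst both sit inside one (local, remote) phase 2 selector."""
    local, remote = (ip_network(n) for n in selector)
    return ip_network(src).subnet_of(local) and ip_network(dst).subnet_of(remote)

def dialup_path(selectors, dialup_pool, remote_lan, nat_ip=None):
    """Classify how dial-up traffic to the remote LAN fares on the site-to-site tunnel.

    Returns "selector" if the dial-up pool itself is covered, "nat" if only the
    source-NAT address taken from the IP pool is covered, "blocked" otherwise.
    """
    if any(covered(s, dialup_pool, remote_lan) for s in selectors):
        return "selector"
    if nat_ip and any(covered(s, nat_ip, remote_lan) for s in selectors):
        return "nat"
    return "blocked"

# Constructed sample values (assumptions for this example)
HEAD_LAN = "192.168.10.0/24"      # head office LAN
REMOTE_LAN = "192.168.14.0/24"    # remote office LAN
DIALUP_POOL = "10.212.134.0/24"   # addresses handed to dial-up clients
SPARE_IP = "192.168.10.250"       # unused head office address for the IP pool
SITE_TO_SITE = [(HEAD_LAN, REMOTE_LAN)]  # existing phase 2 selector pair

if __name__ == "__main__":
    # Dial-up pool is outside the selector, so the tunnel drops the traffic
    print(dialup_path(SITE_TO_SITE, DIALUP_POOL, REMOTE_LAN))
    # Source NAT to the spare address brings it inside the existing selector
    print(dialup_path(SITE_TO_SITE, DIALUP_POOL, REMOTE_LAN, nat_ip=SPARE_IP))
    # Alternative: add a second phase 2 selector for the dial-up pool
    extended = SITE_TO_SITE + [(DIALUP_POOL, REMOTE_LAN)]
    print(dialup_path(extended, DIALUP_POOL, REMOTE_LAN))
```

Phase 2 selectors have to match on both peers, so the extra-selector option means changing both FortiGates, while the IP pool option only changes the head office unit.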
You need to add a policy VPN -> WAN for dial-up VPN users with the IPsec action.
If you use subnet restriction in FortiClient, you must add the subnet for the branch office.
Hello everyone.
I am having the exact same issue. Here is my setup:
Site A (192.168.10.0/24)
Site B (192.168.14.0/24)
Both sites on Fortigate 60D, with Site A on firmware 5.4.1 and Site B on 5.2.9. Both sites connected via IPSEC Site-2-Site and everything works as it should.
Users on Site A connect remotely via dialup IPSEC Forticlient, pulling an IP from the same subnet and they can access resources on site A, such as drive mappings and network files with no problem. If they try to connect to any drives or file shares on Site B or use RDP, they get an error. I've been researching this for a bit now and this thread is the closest I've come.
Do I need to create another phase 2 for the dialup VPN tunnel to point to the other subnet? Currently the VPN is set up to be configured via the Wizard. Should I change it to custom and add a second P2? The dialup IPSEC VPN is set up as split tunnel as well.