- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Dialup VPN can't see all subnets
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dialup VPN can't see all subnets
FortiOS 7.2.8
Main Lan 10.1.10.0
Dialup Users 10.20.30.0
Fortinet IP 10.1.10.1
Secondary LAN 192.168.0.0
Why can't dialup vpn user see all subnets, I have some IPs 192.168.0.0/24 on the same switch lan as 10.1.10.0
Dialup VPN users can browser 10.1.10.0 just fine but can't see 192.168.0.0, Since VPN takes 10.20.30.0 to 0.0.0.0. Shouldn't they see anything plugged into LAN port 1?
So LAN port 1 goes to switch, some machines have 10.1.10.0 and some have 192.168.0.0 on them, dialup vpn users can not see the 192.168.0.0 ip's
Rules
Static Route
10.0.20.0 lt2p interface
Dialup -> WAN1 - All All Lt2p Service
l2t.root -> LAN - Dialup Range to ALL
Labels:
- Labels:
-
SSL-VPN
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In case you are using a split tunnel Dial-up VPN then you should add the other subnet in IPsec Phase1. Split tunnel subnets will be installed in the user's computer
Please refer to this article: article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enable-split-tunnel-For-IPsec-VPN/ta-p/192...
Config vpn ipsec phase1-interface
edit <vpn tunnel name>
set ipv4-split-include "name of the subnet group"
end
end
If you are using the full tunnel, please make sure that destinations are allowed in the policy.
Amritpal Singh
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm using the windows dialup template so I do not have a split tunnel option. I tried the command line command and get an error. I tried to re-create the VPN using forticlient as that seems the only template that has split VPN option but I don't think Widows dialup with work with that VPN template
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @freshfitz ,
By default, when you use Windows Native Dialup VPN it will be the default gateway of the PC (client).
May I verify if there is firewall policy allowing traffic from 10.20.30.0 to 192.168.0.0?
To further check traffic flow, please follow below troubleshooting guide.
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
For split tunneling, you may follow below guides
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-tunneling-on-L2TP-IPSEC-VPN-between/...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-split-tunneling-in-Windows-1...
Best Regards,
Arnold Dimailig
TAC Engineer
Arnold Dimailig
TAC Engineer
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- VPN IPSEC Dialup Connection IKE v2 141 Views
- AWS FortiGate route between 2 availability... 211 Views
- Fixing IP overlap using virtual IPs 91 Views
- FortiSwitch F148 Standalone mode VLAN Managment... 127 Views
Labels
-
FortiGate
7,188 -
FortiClient
1,419 -
5.2
801 -
5.4
639 -
FortiManager
621 -
FortiAnalyzer
458 -
6.0
416 -
FortiAP
376 -
FortiSwitch
375 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
FortiNAC
128 -
6.4
128 -
FortiGuard
116 -
IPsec
110 -
SSL-VPN
109 -
FortiGateCloud
98 -
FortiSIEM
94 -
FortiCloud Products
90 -
FortiToken
77 -
Customer Service
71 -
Wireless Controller
65 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
49 -
FortiEDR
46 -
FortiADC
45 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
Firewall policy
35 -
FortiSandbox
34 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
LDAP
21 -
FortiConverter
21 -
Certificate
21 -
SAML
20 -
FortiGate v5.2
19 -
FortiPortal
18 -
Routing
18 -
Interface
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
FortiLink
15 -
FortiGate v5.0
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
SSL SSH inspection
12 -
FortiCASB
12 -
Application control
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
SNMP
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiAP profile
7 -
4.0
7 -
Admin
7 -
Web application firewall profile
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
Automation
6 -
IPS signature
5 -
Packet capture
5 -
DNS Filter
5 -
FortiCache
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
System settings
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Fabric connector
3 -
NAC policy
3 -
Users
3 -
Multicast routing
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
Fortinet Engage Partner Program
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1077 | |
| 892 | |
| 529 | |
| 441 | |
| 152 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.