Hello,
I have a IPsec VPN for FortiClient created the past year, it was working fine with split-tunnel
It seems that about 15 days ago, when the quarantine started in Argentina, for some unknown reason, the clients can ping to the VOIP Router but can NOT ping to other VOIP devices in the same subnet
We dont know what could we do to modify this behavior
For example:
ping 172.20.35.1 -> succesful
ping 172.20.35.160 -> failed
With traceroutes to both addressess, the first jump to 172.20.35.1 was 172.20.15.1 (IPsec VPN Interface IP Address in the Fortigate), but the first jump for 172.20.35.160 was my local gateway
So I checked the routes in the client side and I realliced that I just had a route for 172.20.35.1/32 instead of 172.20.32.0/22
This route is dynamically created, so Fortigate is giving this route to clients, where can I change this?
Thanks in advance.
Regards,
Damián
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Damian sos de argentina? veo que hace tiempo usas fortigate, tengo un tema parecido al tuyo con la VPN que no accede a una red generada por un tunel
You can enable "split tunneling" in the FC, and add a route to that subnet. Traffic to this subnet will then always use the tunnel. NOTE: traffic to other destinations, like any host on the internet, will NOT use the VPN anymore! If you want that you have to disable split tunneling (that is, a default route is inserted pointing to the /32 gateway).
How can I enable "split tunneling" in the FortiClient? it does not have any option to be enabled and the network adapter for FortiClient does not have the option to "use default gateway in the remote network"
Also, I dont know which gateway should I use for router.
I assigned an IP to VPN interface in the Fortigate, but Fortigate is not assigning his IP to clients on dynamic routes, it is assigning the next IP on pool.
For example:
Fortigate assign 172.20.15.68 to client and assign 172.20.15.69 as gateway in routes
Fortigate assign 172.20.15.69 to client and assign 172.20.15.70 as gateway in routes
Any Idea?
Regards,
Damián
Hola Juan Pablo,
Si, soy de Argentina, si queres contame que tipo de VPN tenes configurada y cual es el problema puntual y si te puedo ayudar te ayudo.
Saludos,
Damián
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.