I have a remote user that for an unknown reason started to have issues connecting remotely.
No changes were made on the FortiGate. According to the user, no changes on the remote user side network either (same ISP, same router). Prior to the issue they had been connecting on a daily basis without any issues since it was set up months ago.
FortiClient connects but I lose Internet access and I can't ping the devices at the main office. I also noticed that I don't get an IP assigned.
I already restarted the FortiGate and deleted and recreated the FortiClient VPN.
Office/Fortigate network/subnet is 10.10.10.0
Remote sites network/subnet is 10.0.0.0
I have experienced issues in the past with overlapping subnets with FortiClient, but in those cases the device connecting remotely didn't lose Internet access, it just had issues accessing some devices at the office if some IP overlapped. They have been working fine for months.
Could it be issues with the subnets? Something else?
Is the tunnel supposed to split (local internet) or go over the tunnel and get out to the internet from the FGT? Check the routing table on the client device (PC, Mac, etc.) depending on split-tunnel set up.
toshiesumi wrote: Is the tunnel supposed to split (local internet) or go over the tunnel and get out to the internet from the FGT? Check the routing table on the client device (PC, Mac, etc.) depending on split-tunnel set up.
I have split-tunnel enabled.
Then it's a problem on the client side if it loses internet. Something must have changed on the device or the FortiClient.
For the access problem over the tunnel, again, you should check those specific routes are actually inserted into the routing table.
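One way to carry out the routing-table check suggested above, as an added example that is not part of the original posts. The interface names (`eth0`, `vpn0`), the /24 masks, the gateway and the metrics are assumptions, since the thread only gives the network addresses; the route table is constructed sample data.

```python
import ipaddress

# Constructed sample: client routing table after the VPN connects.
# (destination, gateway, interface, metric); names and masks are assumptions.
ROUTES = [
    ("0.0.0.0/0",     "10.0.0.1", "eth0", 25),   # local default route (ISP router)
    ("10.0.0.0/24",   "on-link",  "eth0", 25),   # remote user's home LAN
    ("10.10.10.0/24", "on-link",  "vpn0", 1),    # split-tunnel route to the office
]

def parse(routes):
    return [(ipaddress.ip_network(d), gw, ifc, m) for d, gw, ifc, m in routes]

def lookup(routes, dest):
    """Return the route used for dest: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in parse(routes) if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def check_split_tunnel(routes, office_net, vpn_if, lan_if):
    """Return a list of findings; an empty list means the table looks as expected."""
    findings = []
    office = ipaddress.ip_network(office_net)
    table = parse(routes)
    # 1. The office subnet must have its own route on the VPN interface.
    if not any(net == office and ifc == vpn_if for net, _, ifc, _ in table):
        findings.append(f"no route for {office} on {vpn_if}")
    # 2. With split tunnel, Internet traffic must still leave via the LAN.
    default = lookup(routes, "198.51.100.10")  # documentation address as "Internet"
    if default is None or default[2] != lan_if:
        findings.append("Internet traffic does not use the local default route")
    # 3. Local networks that overlap the office subnet.
    for net, _, ifc, _ in table:
        if ifc == lan_if and net.prefixlen > 0 and net.overlaps(office):
            findings.append(f"local network {net} overlaps {office}")
    return findings
```

On a real client, the entries would be copied from the output of `route print` (Windows) or `ip route` (Linux) taken while the tunnel is up.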
I don't think it's specifically on the client's side. I have configured the VPN on a few workstations afterwards and some work, others don't.
On those that don't, I notice the VPN connects, but in the FortiClient window it doesn't have an IP assigned (it appears blank).
You need to run debugging on the FGT when it fails. If IPsec, "diag debug app ike -1". If SSL VPN, "diag debug app sslvpn -1".
Dear ,
You have to create an IPv4 policy between your VPN interface and your WAN interface.
source = VPN interface
destination = WAN interface
allow all
Please try it.