Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

How to allow the VPN client remote access to internal network

I' ve the fortigate 200 in office as i' m trying to remote access using Microsoft VPN plain text to access to office " Internal Network" . Behind my firewall, there is a DHCP server. I' ve setup the firewall policy (external to internal) and PPTP. While i' m trying to remote connect, it validate the username and password, and then connected. However, i couldn' t get the IP address from the DHCP server.. When i do a " ipconfig" and the IP address is 200.1.1.190/ 255.255.255.255. I try to ping my internal IP of all my servers, i couldn' t ping or unable to connect. What i want is to get the IP address from my internal DHCP server if possible. If u have another alternative solution, pls advise. Appreciate if anyone can help... Thks
10 REPLIES 10
Fireshield
New Contributor

Try removing NAT from the policy and see if that fixes your issue.
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
Not applicable

I tried to remove NAT, it seems to be the same (IP: 200.1.1.190 /255.255.255.0).. It does not get the IP address from DHCP and no DNS assign. I couldn' t ping my internal IP addresses of all the servers. I do not know whether is this a correct setup..
Fireshield
New Contributor

Is 200.1.1.190 part of your internal subnet?
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
FCSE > FCNSP 2.8 > FCNSP 3.0 (Former) FCT
Not applicable

Yes.. 200.1.1.190 is part of my internal subnet. In fact, all my internal ip address are from 200.1.1.1 to 200.1.1.254.
Not applicable

I can made a microsoft PPTP VPN through a fortigate 60. 1. I made a static route first the real IP gateway to all my local ip 2. made a virtual IP mapping a real IP to Firewall ip (I directly use the Wan2 IP address) 3. made a local user for VPN user. 4. made a user group for vpn and select a policy to it. 5. set a pptp range in order to provide remote user a local IP address 6. use win 2000 or xp to dial a PPTP VPN though the real IP and use the VPN user ID and password I set in 3. Hope this can help you and please tell me is it have a black holes for hacker?
Not applicable

Hi, Can u send me a picture of your static route and firewall policy.. I tried your steps, but it couldn' t connect.. Thks
Not applicable

Hi Gary I' ve managed to connect using PPTP into private network using your steps.. but the IP is 200.1.1.190 /255.255.255.255 (which was belong to PPTP range in Fortigate FW) I couldn' t get IP address from DHCP.. How ? If there any way to setup 200.1.1.190 /255.255.255.0 in Fortigate Firewall... Pls advise. Thks
Not applicable

Hi, In fact, Fortigate 60 will give a internal IP to remote user by setting PPTP IP range. I no need to set any DHCP to remote client. However, I notice a DHCP tape page in router setting. I think you can use the fortigate as a DHCP server. Just keep in mind the pool will not duplicate with your oringinal DHCP server. Do you have a email or a phone contact no. I can send you my fortigate setting image. Thanks GARY
Not applicable

Hi Gary, This is my email address : sherman.goh@pacific.net.sg My contact number is 65-96396960 I' m waiting for your setting image .. Tks
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors