Isinger
New Contributor

IPSEC VPN Behind Router

Hello,

I have set up an IPsec VPN on my FortiGate 60E, which resides behind a router.

I used port forwarding of ports 500 and 4500 to the FortiGate WAN interface and allowed IPsec passthrough on my Linksys router.

I am using FortiClient to remotely access the VPN. I can connect to the LAN network and ping everything, and I can RDP to anything with no problem, but I can't use PuTTY SSH, access the web server, or connect to database ports.

I'm not sure what I am missing. If I use PuTTY to connect to my local server, the login screen appears but then the connection times out?

I used to do port forwarding from the router to the FortiGate firewall --> to the server using virtual IPs.

Any help will be appreciated.

Toshi_Esumi
SuperUser

I would check the server if it has a route back toward your VPN client IP and if it's allowing SSH from the IP, which is different from your previous Virtual IP setup.

Isinger

Dear Toshi,

Thank you for your reply. Actually, I did try to add the route between the server and the VPN-IPSEC network, but it didn't work.

The VPN-IPSEC subnet is 192.168.25.0, and the LAN subnet is 192.168.45.x.

So I added the route: route add -net 192.168.25.0 netmask 255.255.255.0 gw 192.168.45.X dev eth2

SSH and server ports are allowed on the eth2 firewall (and I disabled the firewall for testing).

What do you think?

Toshi_Esumi

Then, I would run Wireshark on the server and the sniffer on the FG60E to see how far the packets from the client are reaching, and if the server is replying. For sniffing, don't forget to disable auto-asic-offload at the incoming and outgoing policies.
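The sniffer check suggested above can be read mechanically; the following is an added example, not part of any post in this thread. It parses FortiGate `diagnose sniffer packet any '<filter>' 4` output and reports how far a client-to-server flow gets through the firewall. The capture lines, the host addresses and the interface names `vpn-ipsec` and `internal` are constructed assumptions.

```python
import re

# FortiGate "diagnose sniffer packet any '<filter>' 4" prints one line per packet:
#   <time> <interface> <in|out> <src>.<sport> -> <dst>.<dport>: <tcp info>
LINE = re.compile(
    r"^\s*[\d.]+\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+:"
)

STAGES = [
    "request arrives from the tunnel",
    "request leaves toward the server",
    "server reply arrives at the FortiGate",
    "reply leaves into the tunnel",
]

def trace(lines, client, server, tunnel_if, lan_if):
    """Return the stages seen, in path order, stopping at the first missing hop."""
    seen = set()
    for line in lines:
        m = LINE.match(line)
        if m:  # header lines such as "interfaces=[any]" do not match
            seen.add((m["iface"], m["dir"], m["src"], m["dst"]))
    path = [
        (tunnel_if, "in", client, server),
        (lan_if, "out", client, server),
        (lan_if, "in", server, client),
        (tunnel_if, "out", server, client),
    ]
    reached = []
    for stage, hop in zip(STAGES, path):
        if hop not in seen:
            break
        reached.append(stage)
    return reached

# Constructed capture: the SYN is forwarded (and retransmitted) but never answered.
# Addresses and the interface names "vpn-ipsec" / "internal" are made up for illustration.
SAMPLE = """\
interfaces=[any]
filters=[host 192.168.25.10 and port 22]
2.114302 vpn-ipsec in 192.168.25.10.51514 -> 192.168.45.20.22: syn 1885312210
2.114391 internal out 192.168.25.10.51514 -> 192.168.45.20.22: syn 1885312210
5.116870 vpn-ipsec in 192.168.25.10.51514 -> 192.168.45.20.22: syn 1885312210
5.116944 internal out 192.168.25.10.51514 -> 192.168.45.20.22: syn 1885312210
""".splitlines()

if __name__ == "__main__":
    for stage in trace(SAMPLE, "192.168.25.10", "192.168.45.20", "vpn-ipsec", "internal"):
        print("seen:", stage)
```

A missing hop is only meaningful once auto-asic-offload is disabled on the policies involved, since offloaded packets do not appear in the sniffer.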
