IPSEC VPN TUNNEL-Unable to access from a different port

40User · ‎04-02-2010

Hell All, I hope I can clearly explain this. I have about 10 VPN tunnels going and active from our Corporate Fotigate 110C (3.0 MR7) without any major issues. All the policies are set from the Corp LAN on PORT1 e.g. 192.168.10.0/24. I have few more interfaces running from the 110c to segment few networks within our corporate. I just segmented our marketing to port 5, e.g. 192.168.25.0/24 and I added a workstation there that needs access to various resources around the company through the VPN tunnels. Well the problem is that even after setting up FW policies to allows the port5 segment ALL access through the respective VPN tunnels on both Corporate and other sites, I am unable to access anything on the other sites. What is the critical piece am I missing here? Is it possible t o access the tunnels from various ports on one forti??? Help!

rwpatterson · ‎04-02-2010

Are the tunnels in policy mode or interface mode?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

g3rman · ‎04-02-2010

Also, make sure that the far end sites know how to route back to 192.168.25.0/24

A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com

40User · ‎04-02-2010

" Also, make sure that the far end sites know how to route back to 192.168.25.0/24" So first I smacked myself for about 3 mins...and then went ahead and added the static route on the external fortinet BACK to 192.168.25.0/24 at Corp... AND IT WORKED!!!

Its always the GODDAMN obvious mistakes. Thanks SOOO much!!

rwpatterson · ‎04-06-2010

DOH!

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com