goodtoys

IPSec remote VPN access multi vlan

Hi All, 

 

Looking for advice. We have an IPsec VPN that allows users remote access to the office LAN. The office LAN includes multiple VLANs at one location (NOT site to site).

The IPsec VPN client can access VLAN1 but cannot access VLAN2. At the office location, users can access any VLAN.

 

Any suggestions on how I should troubleshoot this issue? Sorry, I am not good with FortiGate; also, the end user did not renew the support services.

 

Thanks 

Sachin_Alex_Cherian_

Hi,

The basic things can be checked first.

1) Routing on the firewall for vlan2.

2) Whether the firewall policy created for the remote client allows the vlan2 subnet or not.

3) Sometimes, the remote client's IP might not be reachable from vlan2; if this is the case, enabling source NAT on the firewall policy (tunnel->vlan2 policy) might help.

Hope the above helps; if not, it would be better to run the flow trace debugs to see what exactly happens.

 

Regards,
Sachin.
goodtoys

1) Not sure about this one. When the VPN is connected, the IP on the client is 10.0.11.100. In the routing table I only find the below. If I need VPN access to another VLAN, VLAN22, such as 192.168.22.0/24,

should I add 10.10.10.0/28 to VLAN22?

[Screenshot: goodtoys_0-1647224784783.png]

2) We enabled the VPN client to access the multiple VLANs.

3) For the same VPN client access to the multiple VLANs, the NAT option is enabled.

 

Sachin_Alex_Cherian_

Is the vlan22 subnet configured on the FortiGate? Please check reachability from the FortiGate to vlan22 IPs. If not, you need to add a corresponding route entry on the FortiGate for the vlan22 subnet.

Regards,
Sachin.
goodtoys

Yes, vlan22 is configured on the FortiGate. Let me try adding a route and see if that solves this issue. Thanks.

Sachin_Alex_Cherian_

If the vlan interface is configured on the FGT itself, there would already be a connected route entry. Try checking the reachability.

You can run the flow trace along with the sniffer to check if the firewall is allowing the connections.

Regards,
Sachin.
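
The route, reachability, sniffer and flow trace checks suggested in the replies above, written out as FortiOS CLI commands. This is an added example, not part of any post in the thread. The VLAN22 subnet is taken from the thread; 192.168.22.10 is a constructed host address inside it and should be replaced with a real VLAN22 host.

```fortios
# 1) Route and reachability from the FortiGate itself to VLAN22.
#    192.168.22.10 is a constructed host address in 192.168.22.0/24.
get router info routing-table details 192.168.22.10
execute ping 192.168.22.10

# 2) Packet capture on all interfaces. Filtering on the VLAN22 host only,
#    because with source NAT enabled on the policy the client address
#    is rewritten before the packet leaves on the VLAN22 side.
#    Verbosity 4 prints the interface name per packet; stop after 20 packets.
diagnose sniffer packet any 'host 192.168.22.10 and icmp' 4 20 l

# 3) Flow trace: per-packet route lookup, policy match and NAT decision.
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 192.168.22.10
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable

# Ping 192.168.22.10 from the connected VPN client, then read the trace:
#   "find a route: ... via <interface>"          egress interface that was chosen
#   "Denied by forward policy check (policy 0)"  no policy matches tunnel -> VLAN22
#   "Allowed by Policy-<id>"                     the policy that accepted the session

# 4) Stop debugging when done.
diagnose debug disable
diagnose debug flow trace stop
diagnose debug reset
```

If the capture shows the echo request leaving on the VLAN22 interface but no reply coming back, the FortiGate is forwarding the traffic and the remaining fault is on the VLAN22 host or its return path.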