BKR
New Contributor

IPsec VPN - Can't access internal network

Hello,
I have an issue with my IPsec tunnel, when connected to VPN I have access to my firewall through LAN(Port2) interface.
But I don't have access to VLANs created under LAN(Port2) interface.
Note that I have created firewall policies to allow access from VPN to internal network, and vice versa.

Port1 is my WAN

LAN(Port2) Address: 10.0.0.100

VLAN Subnet: 10.1.1.0/24

VPN Client Subnet: 172.16.10.0/24

Server machine: 10.0.0.138

Note that I am working on a virtual FortiGate firewall in a cloud.

[Screenshots: VPN configuration; VPN status]

[Screenshots: Ping to server from client side; Ping to server from firewall]

1 Reply
dbhavsar
Staff

Hello @BKR ,

- Can you run the following debugs while pinging the destination:

In Console1:
get router info routing-table details <source-ip>
get router info routing-table details <destination-ip>
di de reset
diagnose debug flow filter addr xx.xx.xx.xx yy.yy.yy.yy and <--- xx is source-IP and yy is destination-ip
di de flow filter proto 1
diagnose debug flow show function enable
diagnose debug flow show iprope enable
diagnose debug console timestamp enable
diagnose debug flow trace start 999
diagnose debug enable


In Console 2:
diag sniffer packet any "(host xx.xx.xx.xx and host yy.yy.yy.yy) and icmp" 4 0 l <---xx is SourceIP and yy is DestinationIP

- Also, if you can, show the policy config which is being used.

DNB
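As an added example for working through the debug-flow output the reply asks for (this is not code from the thread or from Fortinet), here is a small Python parser that runs over constructed sample lines in the format `diagnose debug flow trace start` prints. The tunnel interface name vpn-tunnel, the VLAN interface name vlan10, the session ids and the line numbers are placeholders, not values from the poster's firewall. For each trace_id it pulls out the ingress interface, the egress interface chosen by the route lookup, and the policy verdict, which are the three things to compare against the routing-table output and the policy list.

```python
"""Parse FortiGate 'diagnose debug flow' output per trace_id.

Added example, not from the thread. SAMPLE_DEBUG_FLOW is constructed in the
FortiOS debug-flow format; interface names, session ids and line numbers
are placeholders.
"""
import re
from typing import Dict, List

# Constructed sample: trace 1 is a VPN client pinging a host on the VLAN,
# trace 2 the same client pinging a host on the port2 subnet.
SAMPLE_DEBUG_FLOW = """\
id=20085 trace_id=1 func=print_pkt_detail line=5746 msg="vd-root:0 received a packet(proto=1, 172.16.10.2:1->10.1.1.20:2048) from vpn-tunnel. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5911 msg="allocate a new session-0000012a"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-10.1.1.20 via vlan10"
id=20085 trace_id=1 func=fw_forward_handler line=767 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5746 msg="vd-root:0 received a packet(proto=1, 172.16.10.2:1->10.0.0.138:2048) from vpn-tunnel. type=8, code=0, id=1, seq=2."
id=20085 trace_id=2 func=init_ip_session_common line=5911 msg="allocate a new session-0000012b"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-10.0.0.138 via port2"
id=20085 trace_id=2 func=fw_forward_handler line=767 msg="Allowed by Policy-5:"
"""

TRACE_RE = re.compile(r'trace_id=(\d+)\s.*?msg="([^"]*)"')
# Newer FortiOS builds insert "tun_id=..." before "from <interface>"; allow both.
PKT_RE = re.compile(
    r'received a packet\(proto=(\d+), ([\d.]+):\d+->([\d.]+):\d+\)'
    r'(?: tun_id=\S+)? from (\S+)\.')
ROUTE_RE = re.compile(r'find a route: .*?via (\S+)')
ALLOW_RE = re.compile(r'Allowed by Policy-(\d+)')
DENY_RE = re.compile(r'Denied by forward policy check \(policy (\d+)\)')


def parse_debug_flow(text: str) -> Dict[str, dict]:
    """Group debug-flow lines by trace_id and extract the decision points."""
    flows: Dict[str, dict] = {}
    for line in text.splitlines():
        m = TRACE_RE.search(line)
        if not m:
            continue
        trace_id, msg = m.groups()
        f = flows.setdefault(trace_id, {
            "proto": None, "src": None, "dst": None,
            "in_if": None, "out_if": None,
            "verdict": "no-verdict", "policy": None,
        })
        if (p := PKT_RE.search(msg)):
            f["proto"], f["src"], f["dst"], f["in_if"] = int(p[1]), p[2], p[3], p[4]
        elif (r := ROUTE_RE.search(msg)):
            f["out_if"] = r[1]            # egress interface from the route lookup
        elif (a := ALLOW_RE.search(msg)):
            f["verdict"], f["policy"] = "allowed", int(a[1])
        elif (d := DENY_RE.search(msg)):
            f["verdict"], f["policy"] = "denied", int(d[1])
    return flows


def summarize(flows: Dict[str, dict]) -> List[str]:
    """One line per trace: src -> dst, in/out interface, verdict, policy id."""
    lines = []
    for tid, f in sorted(flows.items(), key=lambda kv: int(kv[0])):
        lines.append(f"trace {tid}: {f['src']} -> {f['dst']} in={f['in_if']} "
                     f"out={f['out_if']} {f['verdict']} policy={f['policy']}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_debug_flow(SAMPLE_DEBUG_FLOW)):
        print(line)
```

In the constructed output, trace 1 shows the packet arriving on the tunnel interface, the route lookup picking the VLAN interface, and then "Denied by forward policy check (policy 0)": policy 0 is the implicit deny, which means no firewall policy matched that ingress/egress interface pair. That is the line to read alongside the policy config the reply asks for; trace 2 shows what a matching policy looks like.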