Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Pacheco82p
New Contributor

NAT is not working in VPN SSL

I have a VPN SSL configured.

I can conect in the VPN with the company, but when I see my external IP address in the internet, is not external address of company.

For example:

In my company , the external IP address is 200.200.200.200.

In my home, the external IP address is 100.120.200.177

I am conected in the VPN with the company, but my external IP address is  100.120.200.177

I checked the settings, and it has NAT enabled. Everything was working before but now it doesn't work

What I need to do ?

My Fortigate is Fortigate 300D

10 REPLIES 10
Toshi_Esumi
Esteemed Contributor III

So you are saying at least previously your default route was pointing into the tunnel and you're internet bound traffic was going over the tunnel then get out from the company's 300D. But now go out via your local internet connection.

Then likely the split-tunnel is not in place at the 300D. If you're not managing config on the 300D, you need to ask the person who does that then get trableshoot whatever not working now. You can't do much on the client side.

 

Toshi

Pacheco82p

Yes, but my route is correct.

 

I tryed everything, but is not working.

 

rota.PNG

Toshi_Esumi
Esteemed Contributor III

are you talking about "FortiGate as SSL VPN Client"? Not Forticlient or Forticlient VPN app?

Pacheco82p

SSL VPN Client.

 

I checked split-tunnel is enable. But still is not working,

 

tunel.PNG

Toshi_Esumi
Esteemed Contributor III

It's opposite. If slit-tunnel is enabled, the default internet from the client side doesn't go though the server side, but goes out to the internet locally.

parteeksharma

Dear Pacheco82p,
Hope you are doing good.
Please be informed that if split tunnel is enabled then only the traffic which matches the split tunneling policy will be routed to fortigate, rest all other traffic will pass to internet through the local ISP network configured at client side.

Regards,
Parteek

Pacheco82p

Hi, OK, now split tunel is disable. 

I can access company local network with VPN. But I can not access internet. 

So now what I need to do? Please, show me a example.

Toshi_Esumi
Esteemed Contributor III

You said everything was working before. Did you remove/change the policy toward the internet from the ssl.root with NAT?

 

Toshi

Pacheco82p

No, I am not changed. Now I am trying to reconfigure again.

I think that I need a step-by-step. I am lost now.

Can you help?

Labels
Top Kudoed Authors