
Created on ‎09-19-2004 06:24 AM
PPTP VPN Subnet Mask
Where can I go to control what subnet mask VPN users that are using PPTP get? They can connect to the Fortinet with no problem, but they get a 255.255.255.255 mask when our network is on a 255.255.255.0, and they can only ping the inside of the Fortinet.
What can I change to get them into the rest of the network through a PPTP VPN?
You do not control the subnet mask, and getting the mask 255.255.255.255 is correct, as when using PPTP all traffic gets intercepted by the PPTP server (in this case the firewall).
Are you using an IP range that is the same as the local LAN? If so, this will not work, unless the local LAN is subnetted.
It is easier to allocate an unused IP subnet that is totally different, and it should work as long as the local LAN devices have the firewall as the default gateway and the rules are correct (should be an EXT->INT rule where source is the PPTP subnet).
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Have different subnets, have 10.0.1.x on main and 10.0.254.x on PPTP. VPN can connect but cannot ping past the gateway of Fortinet 10.0.1.10, cannot access any of the servers on remote LAN.
Have policy for EXT>INT with 10.0.254.x going to 10.0.1.x, any and accept.
Should I be trying to use encryption for access?
No, that's the correct way.
Are you sure the internal clients have the Fortinet as their default gateway?
(You can quickly prove this by enabling NAT on the PPTP rule, as a test.)
I am presuming you also have a mask on the local LAN of 255.255.255.0, as anything else would fail anyway? (If you use 255.255.0.0 or 255.0.0.0, they won't work as they overlap the PPTP range.)
Also check that the internal hosts are allowed outbound, otherwise it may not work anyway.
Here's the exact procedure to get PPTP working from scratch.
1. Create an External Address entry (e.g. PPTP_Subnet) with an unused IP range (say 10.1.1.x)
2. Create a User group (e.g. PPTP_Users)
3. Create a local user, make them part of the group (in this case PPTP_Users).
4. Enable PPTP under the VPN section, putting in the range (e.g. 10.1.1.1 -> 10.1.1.254)
5. Create an EXT -> INT rule (Inbound) saying:
SOURCE=PPTP_Subnet DEST=Internal_All Service=ANY NAT=OFF
You may also need to allow the internal machines outbound access to respond to the PPTP subnet if it still doesn't work.
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
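
The return-path checks discussed in the replies above (internal host mask versus the PPTP range, and whether the host's default gateway is the firewall), as an added example that is not part of the thread and not Fortinet code. The firewall address 10.0.1.10 and the 10.0.1.x / 10.0.254.x ranges come from the thread; the server address 10.0.1.20, the client address 10.0.254.5, the alternative gateway 10.0.1.1 and all function names are assumptions made for illustration.

```python
import ipaddress

def return_path(host_ip, host_mask, host_gateway, vpn_client_ip, firewall_ip):
    """Classify how an internal host will send its reply to a PPTP client.

    "on-link"      host mask covers the client address, so the host ARPs for
                   it on the LAN and the reply never reaches the firewall
    "via-firewall" reply goes to the default gateway, which is the firewall
    "via-other-gw" reply goes to another gateway; it is lost unless that
                   gateway has a route back to the PPTP range
    "no-gateway"   host has no default gateway, so the reply is dropped
    """
    host_net = ipaddress.ip_interface(f"{host_ip}/{host_mask}").network
    if ipaddress.ip_address(vpn_client_ip) in host_net:
        return "on-link"
    if not host_gateway:
        return "no-gateway"
    if ipaddress.ip_address(host_gateway) == ipaddress.ip_address(firewall_ip):
        return "via-firewall"
    return "via-other-gw"

def pool_overlaps_lan(lan_ip, lan_mask, pool_first, pool_last):
    """True if any address of the PPTP pool falls inside the LAN network."""
    lan = ipaddress.ip_interface(f"{lan_ip}/{lan_mask}").network
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last))
    return any(lan.overlaps(block) for block in blocks)

if __name__ == "__main__":
    FIREWALL = "10.0.1.10"   # from the thread
    SERVER = "10.0.1.20"     # constructed sample host
    CLIENT = "10.0.254.5"    # constructed address inside the PPTP range
    # Constructed host configurations: (netmask, default gateway)
    for mask, gw in [("255.255.255.0", "10.0.1.10"),
                     ("255.255.0.0", "10.0.1.10"),
                     ("255.255.255.0", "10.0.1.1"),
                     ("255.255.255.0", None)]:
        print(mask, gw, "->", return_path(SERVER, mask, gw, CLIENT, FIREWALL))
    print("pool overlaps /24 LAN:",
          pool_overlaps_lan(SERVER, "255.255.255.0", "10.0.254.1", "10.0.254.254"))
```

Only the "via-firewall" result gives the PPTP client a working reply path without NAT on the rule.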
