Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
alihmp2005
New Contributor

Created on ‎08-03-2022 04:54 AM

Remote SSL VPN User cannot see other branches.

Hello Guys,

 

I have configured this network in my laboratory(Please see the photo) Toplogy.png. I have two Fortigate 7.2 and both Fortigates are connected through a Site-To-Site VPN Tunnel(I created by IPSEC Wizard) and also I have configured SSL VPN Tunnel mode and my remote user is connected to Fortigate 1 with Public IP 1.1.1.1, now the problem is that Remote VPN user can only see the Client 1 and cannot see the Client 2, what can be issue? or do you have any training material for this topology? 

Thanks in advanced,

Ali 

Labels:
2064
0 Kudos
1 Solution
vdralio
Staff
Staff

Created on ‎08-03-2022 06:03 AM

Dear @alihmp2005 ,

 

Please check the articles below they will help you resolve the issue:

 

https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/45836/ssl-vpn-to-ipsec-vpn

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forward-traffic-originating-from-SSLVPN-in...

 

Best Regards,

Vasil Dralio

View solution in original post

2056
0 Kudos
3 REPLIES 3
vdralio
Staff
Staff

Created on ‎08-03-2022 06:03 AM

Dear @alihmp2005 ,

 

Please check the articles below they will help you resolve the issue:

 

https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/45836/ssl-vpn-to-ipsec-vpn

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forward-traffic-originating-from-SSLVPN-in...

 

Best Regards,

Vasil Dralio

2057
0 Kudos
alihmp2005
New Contributor
In response to vdralio

Created on ‎08-05-2022 02:19 PM

Thank you so much, I found the problem, I didn't add the Remote VPN IP IP Range in the routing and policy, I added it and problem solved.

2019
0 Kudos
sw2090
SuperUser
SuperUser

Created on ‎08-03-2022 07:59 AM

well I would first check the routing table on the remote user client. It has to have a route to the subnet where Fortigate 2 and Client 2 are in. Or the default route has to have FortiGate 1 as gateway (which would mean that all of remote user's internet traffic would go over the vpn and hit FortiGate 1. I would not recommend that).

That is because the routing table is the first thing that is looked at to find a way to the destination. And that way is either the default route (because it matches anything that is not matched by any other route) or a static/connected route.

Then FortiGate 1 has to also know a route to FortiGate 2 subnet plus also has to have a policy that allows traffic from vpn to Fortigate 2 subnet.

And last but not least FortiGate2 has to have a route back to your vpn and  a policy to allow traffic to flow.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
2051
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.