Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
XP_2600
New Contributor II

Created on ‎04-05-2022 04:44 AM Edited on ‎04-05-2022 04:45 AM

Remote access VPN

I set a native Windows remote access vpn using the wizard, i choose a range of IP addresses to be assigned for the remote access clients (I kept the subnet as /32) the range i chose is not from my LAN range, vpn worked users can connect and they receive ip from the range, but they cannot access the local resources ,for instance i cannot ping the internal ip addresses after login, do i need to set a static route manually or do anything else ? thanks.

Labels:
1763
0 Kudos
4 REPLIES 4
akristof
Staff
Staff

Created on ‎04-06-2022 06:48 AM

Hello,

 

Thank you for your question. Yes, verify how the routing-table on your device looks. You can also check this kb:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-tunneling-on-L2TP-IPSEC-VPN-between/...

Adrian
1699
lopezmason
New Contributor
In response to akristof

Created on ‎04-07-2022 02:20 AM

@akristof wrote:

Hello,

 

Thank you for your question. Yes, verify how the routing-table on your device looks. You can also check this kb:
 https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-tunneling-on-L2TP-IPSEC-VPN-between...we become what we behold

That's a good idea

1687
XP_2600
New Contributor II

Created on ‎04-07-2022 03:06 AM

Thank you all for your replies, unfortunately i tried to delete and re create, and i got another error, it was phase 1 error, even though i just re used the wizard but i got ipsec phase 1 negotiation failed, i restored an old backup to make sure there is no conflicts, i guess it is an ISP problem as i can see different IP on fortigate VPN log differ from the computer which i try to remote access from, anyway i used SSL VPN and it fulfilled my needs.

But i think IPSec VPN wizard need to some enhancements on future versions.

1680
0 Kudos
sw2090
SuperUser
SuperUser

Created on ‎04-07-2022 03:30 AM Edited on ‎04-07-2022 03:31 AM

generally IPSec debuggig and logging imho needs some enhancement :)

But that's a general ipsec issue not fortinet specific :)

 

However,

 

even if you use a part of your subnet for the vpn clients like you wrote - the traffic will still use different interfaces! Traffic from/to vpn client uses the vpn interface and traffic from/to your other clients in the subnet uses the interface the subnet is on. So to be able to access other clients from out of your vpn you will need some policy :)

 

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
1676
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.