I set up a native Windows remote access VPN using the wizard. I chose a range of IP addresses to be assigned to the remote access clients (I kept the subnet as /32). The range I chose is not from my LAN range. The VPN worked: users can connect and they receive an IP from the range, but they cannot access the local resources. For instance, I cannot ping the internal IP addresses after login. Do I need to set a static route manually or do anything else? Thanks.
Hello,
Thank you for your question. Yes, verify how the routing-table on your device looks. You can also check this kb:
@akristof wrote:
Hello,
Thank you for your question. Yes, verify how the routing-table on your device looks. You can also check this kb:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Split-tunneling-on-L2TP-IPSEC-VPN-between...
we become what we behold
That's a good idea
Thank you all for your replies. Unfortunately, I tried to delete and re-create it, and I got another error: it was a phase 1 error. Even though I just re-used the wizard, I got "ipsec phase 1 negotiation failed". I restored an old backup to make sure there are no conflicts. I guess it is an ISP problem, as I can see a different IP in the FortiGate VPN log from that of the computer which I try to remote access from. Anyway, I used SSL VPN and it fulfilled my needs.
But I think the IPSec VPN wizard needs some enhancements in future versions.
Generally, IPSec debugging and logging IMHO needs some enhancement :)
But that's a general IPSec issue, not Fortinet-specific :)
However, even if you use a part of your subnet for the VPN clients like you wrote, the traffic will still use different interfaces! Traffic from/to a VPN client uses the VPN interface, and traffic from/to your other clients in the subnet uses the interface the subnet is on. So to be able to access other clients from out of your VPN you will need some policy :)
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
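The kind of policy the reply above refers to, sketched as a FortiOS CLI fragment. This is an added example, not part of the original thread or a Fortinet-supplied configuration; the interface names ("remote-access-vpn", "internal"), the object names and all IP ranges are constructed placeholders to be replaced with the values from your own setup.

```fortios
config firewall address
    edit "vpn-client-pool"
        set comment "Constructed example: range handed out to VPN clients"
        set type iprange
        set start-ip 10.212.134.200
        set end-ip 10.212.134.210
    next
    edit "lan-subnet"
        set comment "Constructed example: internal LAN"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "vpn-to-lan"
        set comments "Assumed names: tunnel interface remote-access-vpn, LAN port internal"
        set srcintf "remote-access-vpn"
        set dstintf "internal"
        set srcaddr "vpn-client-pool"
        set dstaddr "lan-subnet"
        set action accept
        set schedule "always"
        set service "PING" "RDP" "SMB"
        set logtraffic all
    next
end
```

Listing only the services the remote users need, rather than "ALL", keeps the tunnel from becoming an unrestricted path into the LAN, and `set logtraffic all` records accepted sessions for later review. `get router info routing-table all` lists the active routes, which is the routing-table check suggested in the first reply.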