Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

SSL-VPN cannot reach other subnet over IPSEC tunnel


Using Firmware 5.2.3


Network info:

Office 1:

Office 2:

IPSEC tunnel: VPN_Offices 

SSL-VPN connects to Office1


The offices are connected over an IPSEC tunnel and I can reach resources on both subnets from both sites.


The SSL-VPN is configured with Routing address för both subnets and is configured on Office1.

set split-tunneling-routing-address "Office1" "Office2"


I have configure rules from ssl.root to (Office1, Office2, VPN_Offices)

I have configure rules from (Office1, Office2,VPN_Offices) to ssl.root


Still, I can't reach anything on Office2 when connected to SSL-VPN.


What have I missed?


I have set it up almost exactly as in this guide

In the comments they discuss IPSEC site to site and how to get it to work with SSL-VPN clients and talk about "right combination of policies and adding in the extra Phase 2 / quick-mode selector settings to match the SSL VPN user range".

New Contributor

Hi ,


You do not need to add an additional quick mode selector in ph2  for an ssl vpn subnet , instead  you can use the NAT feature in the policy to achieve the task .




Top Kudoed Authors