We have a main office and a remote office connected via a point to point VPN connection with a Fortigate at both ends. Work from home employees connect to the main office via SSL VPN using the client software. Those users are able to access resources on the main office subnet but they are unable to access those on the remote office subnet. Users working on site at either office are able to access resources on the other subnet just fine. Have I missed some piece of configuration?
Thanks
Two questions for your two VPNs.
1. Do you have NAT set up on the policy (apparently the cookbook was written this way) for SSL VPN to egress interfaces, such as LAN interface and the s2s interface you want to let the SSL VPN users to get to? Or no NAT and exposing SSL VPN user's IP to the destinations?
2. Does the s2s vpn interface have the tunnel interface IP configured on both ends?
Depending on the answers you need to take care of things differently.
Thanks for the reply, Toshi. Please let me know if these answers are not sufficient.
1. We do have NAT enabled on the ssl.root->LAN policy. It isn't enabled on the policies for traffic over the s2s.
2. On both Fortigates at each end of the s2s vpn we have the IP address of the remote Fortigate configured under VPN->IPsec Tunnels->Network.
Then it's simpler for routing.
1) Check the routing at both FGTs first, if the destination FGT has a route back to the SSL VPN client subnet.
2) The policies toward/from the s2s vpn on both sides are allowing the SSL VPN subnet.
3) The s2s phase2 selectors include the SSL VPN subnet.
If it still doesn't go across the s2s vpn, you need to sniff (diag sniffer) and run flow debugging for further troubleshooting.
Thanks Toshi. It was 2. It is working now.
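The three checks from the reply above, written out as FortiOS CLI for the no-NAT case described in the thread. This is an added example, not configuration posted by either participant; the tunnel names, subnets, address objects and user group are constructed placeholders and are assumed to exist on each unit.

```fortios
# Constructed values: tunnels "to-remote" / "to-main", SSL VPN pool 10.212.134.0/24,
# remote LAN 192.168.20.0/24, address objects "sslvpn-pool" / "remote-lan", group "vpn-users".

# --- Main-office FortiGate ---
# Check 2: policy from the SSL VPN interface into the s2s tunnel (no NAT).
config firewall policy
    edit 0
        set name "sslvpn-to-remote"
        set srcintf "ssl.root"
        set dstintf "to-remote"
        set srcaddr "sslvpn-pool"
        set dstaddr "remote-lan"
        set groups "vpn-users"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Check 3: phase2 selector pair covering the SSL VPN pool.
# Mirror it on the remote unit with src-subnet and dst-subnet swapped.
config vpn ipsec phase2-interface
    edit "to-remote-sslvpn"
        set phase1name "to-remote"
        set src-subnet 10.212.134.0 255.255.255.0
        set dst-subnet 192.168.20.0 255.255.255.0
    next
end

# --- Remote-office FortiGate ---
# Check 1: return route to the SSL VPN pool through the tunnel.
config router static
    edit 0
        set dst 10.212.134.0 255.255.255.0
        set device "to-main"
    next
end
# Check 2: policy admitting the SSL VPN pool arriving from the tunnel.
config firewall policy
    edit 0
        set name "sslvpn-from-main"
        set srcintf "to-main"
        set dstintf "lan"
        set srcaddr "sslvpn-pool"
        set dstaddr "remote-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```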
Copyright 2024 Fortinet, Inc. All Rights Reserved.