pxiannie
New Contributor III

Server IP address could not be found for IPsec VPN Remote Access

Hi, I'm trying to remotely access my local LAN using FortiClient. I'm able to connect to the IPsec VPN and ping 192.168.1.1, but I cannot ping my server's IP address or access the local server. Is there any problem with my settings? My server's IP address is also within the Local-LAN range, so why can't I ping my server? Please help.
Regards,


pxiannie
New Contributor III

Hi @ebilcari

I'm able to ping my server and access the local system after adding the server IP address and server name to the hosts file. But that works for FortiClient desktop only. Is there any way to solve the DNS resolution problem after connecting with the FortiClient mobile app?

Regards,

ebilcari

Yes, you can change the VPN settings, push FGT as the DNS server and add an A record for this server. Configuration steps are shown in this article.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
pxiannie
New Contributor III

Hi @ebilcari,

I'm using IPsec VPN. Is there any solution for IPsec? I don't have the domain "xxx.com". How do I make the server IP address match the server name "xxxserver" in FortiClient mobile so that I can access Active Server Pages (http://xxxserver:8484/Login.aspx)?

Regards,

ebilcari

The DNS server configuration is the same as shown in the article for SSLVPN. To apply that on IPsec, follow this or this article.

- Emirjon
Patron
New Contributor

Not sure how you set it up, but you might need to add a route in the firewall explicitly for the tunnel range.

Because you are using NAT and it works, it looks like that's the issue.

Durga_Ashwath

Hello Team,

The FortiGate device is attempting to establish a connection to the FortiGuard server at IP address 173.243.143.6. This IP address does not belong to the 192.168.1.x subnet, so it's unlikely that it uses .1 as the gateway within that subnet.

Regarding firewall rules on the server, it's essential to check if there are any specific rules that might be blocking traffic from the source IP addresses of the FortiGate device or VPN clients. If there are restrictive firewall rules in place, they could potentially block the communication between the FortiGate device and the FortiGuard server.

Additionally, if NAT is not enabled on the firewall policy that allows traffic from the FortiGate device to reach external servers like the FortiGuard server, the requests will indeed be sourced by the IP of the VPN client. This means that the firewall rules on the server should allow traffic from the VPN client IPs as well, not just from the FortiGate device's IP.

In summary, it's crucial to:

  1. Check if the FortiGuard server's IP address is within the 192.168.1.x subnet and if it uses .1 as the gateway (if applicable).
  2. Review firewall rules on the server to ensure they allow traffic from both the FortiGate device's IP and the VPN client IPs.
  3. Consider enabling NAT on the firewall policy if necessary, to ensure that requests are sourced correctly.

Thank you.

pxiannie

Hi @Durga_Ashwath,

I'm able to ping my server by name and by IP address on my computer after adding the server name and server IP address to the hosts file. But I'm still not able to access my local system on mobile. How can I solve the DNS resolution problem on mobile?

Regards,
