I configured a VPN client access to my local network. This works fine; I can see and access the local network as configured within the incoming rules. Now I want to access the remote client from my local network, after closing the VPN. I created the rule to go out, but in vain; I can't reach the client. Where could I be wrong?
Thanks in advance
Regards
Leo
Do you have a route? If dialup IPSec VPN it would be automatically entered into the routing table, but if SSL VPN, you need to have a static route toward ssl.root interface.
Yes, there is a route created automatically from the client IP/32 to 0.0.0.0 and with the VPN-Client_0 interface.
It's a dialup IPSec VPN.
Quick thought: does the client have a firewall enabled? Next, I would trace route your connectivity back to your client on the IPSec VPN and see where that traffic is dying. If it's not the firewall on your client, it's your policy or your routing, methinks.
-TFWD
I would sniff the traffic to see if it's going into the tunnel or not. Depending on the model, you need to disable ASIC offloading in the policies for both directions with "set auto-asic-offload disable" to see everything in the sniffer.
Hello,
Normally a VPN client connection is a dialup user connection.
This is a one-way connection.
When you close the VPN tunnel, your client must reconnect.
Regards
Andreas
Hi Andreas,
Is this by design, or is there a workaround? I understand normally it's one way. But with some VPN client connections I need a two-way connection.
Hi Toshi,
The sniffer shows one-way traffic, from the client to the VPN site. That's okay.
When sniffing the other way around, from the VPN site to the client, it seems it wants to get out on the main interface, and not on the subinterface VPN-Client.
I tried to add some more routes, but the subinterface VPN-Client doesn't appear when creating the static route.
What type of routes can I configure to get the traffic to go out on the VPN subinterface?
With regards
Leo
Copyright 2024 Fortinet, Inc. All Rights Reserved.