ipsec vpn connected but cannot ping remote site

jlong · ‎09-06-2019

my local ip is 192.168.2.33.

i setup IPSec VPN in office's Fortinet Wifi 60E.

i use FortiClient VPN connect office site and it works and gets ip 192.168.0.10.

but i cannot ping any office computer.

please advise to help.

thanks,

Joe

orani · ‎09-06-2019

Did you set up the needed rules to allow traffic go throw?

Orestis Nikolaidis

Network Engineer/IT Administrator

jlong · ‎09-06-2019

i set the policy as below:

Incoming Interface: FortiClient

Outgoing Interface: lan

Source: FortiClient

Destination: all

Service: ALL

NAT enabled

IP Pool Configuration: Use Outgoing Interface Address

orani · ‎09-07-2019

You need to disable nat and create also a reverse rule. From lan to forticlient....

Orestis Nikolaidis

Network Engineer/IT Administrator

jlong · ‎09-08-2019

I disable the NAT.

Incoming Interface: FortiClient Outgoing Interface: lan Source: FortiClient Destination: all Service: ALL NAT DISABLED IP Pool Configuration: Use Outgoing Interface Address

I create a reserve rule:

Incoming Interface: lan Outgoing Interface: FortiClient Source: all Destination: FortiClient Service: ALL NAT disabled IP Pool Configuration: Use Outgoing Interface Address

But, it still fails to ping.

I also find that the network icon at bottom right corner becomes disconnect from the internet after ForiClient is connected.

orani · ‎09-08-2019

When you configured vpn, did you enabled ipv4 split tunnel? If yes try disable it

Orestis Nikolaidis

Network Engineer/IT Administrator

jlong · ‎09-08-2019

the ipv4 split tunnel is set to DISABLE.

but the problem is still.

jlong · ‎09-08-2019

I find that when vpn connected, the Fortinet Virtual Ethernet Adapter (NDIS 6.30) get correct IP 192.168.0.191 and correct DNS. But the gateway gets incorrect IP 192.168.0.192. Should it be the Fortinet's IP 192.168.0.1? if yes, how to set it?