Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jlong
New Contributor

ipsec vpn connected but cannot ping remote site

my local ip is 192.168.2.33.

i setup IPSec VPN in office's Fortinet Wifi 60E.

i use FortiClient VPN connect office site and it works and gets ip 192.168.0.10.

but i cannot ping any office computer.

please advise to help.

thanks,

Joe

 

7 REPLIES 7
orani
Contributor II

Did you set up the needed rules to allow traffic go throw? 

Orestis Nikolaidis

Network Engineer/IT Administrator

Orestis Nikolaidis Network Engineer/IT Administrator
jlong
New Contributor

i set the policy as below:

Incoming Interface: FortiClient

Outgoing Interface: lan

Source: FortiClient

Destination: all

Service: ALL

NAT enabled

IP Pool Configuration: Use Outgoing Interface Address

orani
Contributor II

You need to disable nat and create also a reverse rule. From lan to forticlient....

Orestis Nikolaidis

Network Engineer/IT Administrator

Orestis Nikolaidis Network Engineer/IT Administrator
jlong
New Contributor

I disable the NAT.

Incoming Interface: FortiClient Outgoing Interface: lan Source: FortiClient Destination: all Service: ALL NAT DISABLED IP Pool Configuration: Use Outgoing Interface Address

 

I create a reserve rule:

Incoming Interface: lan Outgoing Interface: FortiClient Source: all Destination: FortiClient Service: ALL NAT disabled IP Pool Configuration: Use Outgoing Interface Address

 

But, it still fails to ping.

I also find that the network icon at bottom right corner becomes disconnect from the internet after ForiClient is connected. 

orani
Contributor II

When you configured vpn, did you enabled ipv4 split tunnel? If yes try disable it

Orestis Nikolaidis

Network Engineer/IT Administrator

Orestis Nikolaidis Network Engineer/IT Administrator
jlong
New Contributor

the ipv4 split tunnel is set to DISABLE.

but the problem is still.

jlong
New Contributor

I find that when vpn connected, the Fortinet Virtual Ethernet Adapter (NDIS 6.30) get correct IP 192.168.0.191 and correct DNS. But the gateway gets incorrect IP 192.168.0.192. Should it be the Fortinet's IP 192.168.0.1? if yes, how to set it?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors