migacz

ipsec vpn two way communication

Hi, sorry for my English. I have a problem with an IPsec VPN configuration. I configured the VPN and I can connect from the client to my network, but I can't connect from the LAN to the client. The problem is in routing, but I have no idea how to configure it.

I have wan2 with an IP, e.g. 192.168.0.242/255.255.255.242, and I have a few secondary IPs, e.g. 192.168.0.129-142/255.255.255.240, which I configured on the wan2 interface. I added a static route: destination 0.0.0.0, device wan2, gateway 192.168.0.241. I added a few policy routes and everything works fine for me. I added the VPN and there is only one-way communication.

This is the debug output when I try to ping my VPN client:
 FortiGate # id=13 trace_id=3496 msg=" vd-root received a packet(proto=1, 10.10.0.4:1->10.10.200.1:8) from port1." 
 id=13 trace_id=3496 msg=" allocate a new session-00108b5a" 
 id=13 trace_id=3496 msg=" Match policy routing: to 192.168.0.241 via ifindex-10" 
 id=13 trace_id=3496 msg=" find a route: gw-192.168.0.241 via wan2" 
 id=13 trace_id=3496 msg=" find SNAT: IP-192.168.0.136(from IPPOOL), port-62464" 
 id=13 trace_id=3496 msg=" Allowed by Policy-1: SNAT" 
 id=13 trace_id=3496 msg=" SNAT 10.10.0.4->192.168.0.136:62464" 
 
When I delete the static route, the VPN works fine, but I don't have internet access and I can't access my www/mail server from the internet. How do I set up routing to make things work? Can anybody help me? Best step by step :)