I have two routers connected using IPsec site-to-site.
The remote user connects to router A (192.168.1.0/24) and has access to the network. The remote user does not have access to network B (192.168.2.0/24). How do I make it have access to network B?
Hi @jacm ,
If you have phase 2 selector configured on IP Sec tunnel, you will have to add the SSL VPN IP Subnet in the phase 2 selector on both sides of the tunnel.
You also need to create 2 firewall policies, SSL VPN --> IP Sec and IP Sec --> SSL VPN, on Site A.
In the firewall policies on Site B, you have to add the SSL VPN IP Subnet in the IP Sec --> internal firewall policy.
You have to add a static route on Site B with destination as SSL VPN Subnet and exit interface as IP Sec tunnel.
Hope that helps.
Regards,
Varun
Hi,
Please run the below commands to check where the traffic is going.
Putty 1
--------
# diagnose sniffer packet any "host x.x.x.x and host y.y.y.y" 4 0 l
*** x.x.x.x is the Source IP address and y.y.y.y is the destination IP ***
ctrl+C to stop
Putty 2
-------
# diag debug reset
# diagnose debug flow filter addr x.x.x.x -->Source IP address
# diagnose debug flow filter addr y.y.y.y -->Destination IP address
# diag debug flow filter proto 1
# diag debug console timestamp enable
# diag debug flow trace start 9999
# diag debug enable
*** x.x.x.x is the Source IP address and y.y.y.y is the destination IP ***
*** Run for 5-10 minutes ***
# diagnose debug disable
# diag debug reset
Putty 3
----------
# get router info routing-table all
# get router info routing-table details y.y.y.y
*** y.y.y.y is the destination IP ***
Best regards,
Erlin
@jacm
Check this link for the right configuration:
SSL VPN to IPsec VPN | FortiGate / FortiOS 7.4.1 | Fortinet Document Library
Compare your config with this guide and make the proper changes.
If you found this as a solution, please like and accept it to make it easily accessible for others.
Regards!
Hi @jacm,
Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forward-traffic-originating-from-SSLVPN-in...
Regards,
Can you tell me what static routing should look like?
I managed, thank you for your answers.