- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- vpn connection successful - file sharing works, b...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 01-10-2006 02:35 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vpn connection successful - file sharing works, but no remote dekstop, ssl or ping from outside net.
Hi Everybody, hope that somebody can help me with this problem.
Intro
I' ve managed to set up a ipsec vpn conection following the example given by fortinet " dial-up vpn example" - except for the " set single-source enable" the entire configuration match the one given by fortinet. i have defined no other rules, for inbound traffic og outbound traffic. the reason for not typing the " set single-source" is that the firmware is old, and i cant find a ftp server where i can download the new firmware.
THE PROBLEM
I' m able to use windows filesharing with my vpn, but i' m unable to use remote desktop (microsoft), or connect to a machine on the internal lan using ssh.
I' m able to ping the external client from with in the network, but i' m unable to ping the internal servers, from the external client. if i do a tracert i command prompht i get to the firewall, and then the rest of the time it just shows stars, as if i' m unable to get through the firewall.
Please help
Any comments are welcome, on how to solve the problem or direction to where i might download the new firmware.
kind Regards Carl
12 REPLIES 12
Not applicable
Created on 01-10-2006 02:56 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Perhaps too obvious... but does the fw rule allow a tunnel in both ways?
Regards, Eric
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The firewall policy is set to
Adress: all Destination: All
Schedule: always
Service: Any
Action: Encrypt
VPNTunnel: " blabla"
Allow inbound
Allow outbound
Inbound Nat
Protection Profile: Strict
so i guess this means that both ways are allowed.
Kind Regards Carl
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello,
try to disable the " inbound NAT" .
maybe that' s the problem.
regards
andy
Not applicable
Created on 01-11-2006 12:57 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Disabled inbound nat, no difference, everything still works as before, filesharing ok, but no ping, sll or remote desktop.
could it be something with the firmware of the firewall, or is something to do with the way remote desktop works?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello,
what about a traceroute? at which place does it end?
the firewall on the PC allows you to ping?
regards
andy
Not applicable
Created on 01-12-2006 04:46 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did a trace route from the client, and it stops at the ip address of the external interface, of the firewall, using debug on the firewall i' m able to see that the firewall picks up something, but i don' t know what it means.
Kind Regards Carl
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sounds to me like you have only the Filesharing opened on the windows firewalls on the clients.
As you can share files, it severely limits the number of places where it can go wrong. IP traffic is fine, so it' s 99.9% a firewall that stops you. Probably the one on the clients.
Not applicable
Created on 01-13-2006 01:14 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i have tried to disable the firewall on a client on the lan, but i' m still unable to access the client. if i log into the FortiGate firewall and enter:
diagnose debug enable
diagnose debug console timestamp enable
diagnose debug application ike 2
i' m able to se some kind of trafic when i ping a client on the internal lan from the external klient. but when i use remote desktop i' m unable to see any kind of traffic, does the remote desktop travel along some other kind of route? fx the internet instead of the vpn tunnel.
kind regards Carl
Not applicable
Created on 01-13-2006 01:22 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
in the forticlient i have set up virtual ip acquisition like this
IP: 192.168.2.130
SUB: 255.255.255.128
DNS: 192.168.2.6
WINS: 192.168.2.6
i should use the dns server of my regular lan right? or should it be set to the ip of the external interface?
another thing which seems wierd to me is that if i do a ipconfig /all on a client after the vpn connection has been established.
the result is:
IP: 192.168.2.130
SUB: 255.255.255.128
Def Gateway :
DHCP: 192.168.2.131
DNS: 192.168.2.6
WINS: 192.168.2.6
Shouldn' t there be a default gateway, and what about dhcp, I haven' t set any dhcp server up on that ip.
Don' t know if this info helps in any way.
Kind regards Carl
Related Posts
- VPN tunnel connected but i can't... 91 Views
- How to translate LANCOM IKEv2 IPsec... 94 Views
- SSL VPN connection attempt prompts Fortiguard... 123 Views
- customer wants to connect to wifi... 96 Views
- Connection across Hub and Spoke BGP 73 Views
Labels
-
FortiGate
6,943 -
FortiClient
1,368 -
5.2
801 -
5.4
639 -
FortiManager
600 -
FortiAnalyzer
440 -
6.0
416 -
5.6
362 -
FortiAP
362 -
FortiSwitch
358 -
FortiClient EMS
281 -
FortiMail
269 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
168 -
6.4
128 -
FortiNAC
123 -
FortiGuard
111 -
IPsec
99 -
FortiGateCloud
92 -
FortiSIEM
91 -
SSL-VPN
87 -
FortiCloud Products
85 -
FortiToken
75 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
FortiEDR
42 -
SD-WAN
42 -
Fortivoice
41 -
FortiDNS
37 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
High Availability
28 -
FortiAuthenticator
27 -
VLAN
27 -
FortiConnect
24 -
FortiWAN
23 -
ZTNA
21 -
FortiConverter
21 -
DNS
20 -
FortiGate v5.2
19 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
SAML
17 -
LDAP
17 -
Certificate
17 -
BGP
16 -
VDOM
16 -
FortiMonitor
14 -
FortiLink
14 -
Interface
14 -
Logging
14 -
Authentication
13 -
FortiGate v5.0
13 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
NAT
11 -
RADIUS
10 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Fortigate Cloud
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
SSID
8 -
FortiBridge
8 -
WAN optimization
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
IP address management - IPAM
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Traffic shaping policy
6 -
Web application firewall profile
6 -
Proxy policy
5 -
Packet capture
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Antivirus profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 991 | |
| 831 | |
| 462 | |
| 440 | |
| 132 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.