SSL-VPN traffic not passed through Site-to-Site IPSec VPN
I' m not able to access a branch office on the other side of an IPsec VPN when I SSL-VPN into the HQ. However I' ve found a workaround using IP Routing in Windows every time I connect, but I' m kind of curious why that' s required.
HQ - FG110C, v4 MR3, Subnets 10.0.0.0/24, 10.1.0.0/24
Branch Office FWF40C, v4 MR3, Subnet 10.6.0.0/24
IPsec VPN (route/interface based) between the two offices. Works fine inside either office.
SSL-VPN on the HQ FortiGate (IP Pool: 220.127.116.11/23). Works fine to the HQ subnets. Split-tunneling is on.
Policies on both FGs allow traffic to and from the ssl.root interface and the ssl.root subnet (172.32...) via the IPsec interface.
Using FortiClient 18.104.22.1682.
When I SSL-VPN into the HQ FG, I checked the IP Routes (Windows) and noticed that the 10.0.0.0/24 and 10.1.0.0/24 subnets were added, routed through gateway 22.214.171.124 (the fortissl adapter gateway).
So I just added a route:
route add 10.6.0.0 mask 255.255.255.0 126.96.36.199 if 51
(where 51 is the fortissl interface id number) and blammo, traffic goes through just fine.
Any idea why the branch office subnet isn' t automatically being handled by the FortiClient?