Fortigate IPSec Remote VPN connects but cannot access network resources.

NZ-Tech · ‎12-09-2021

Hi there, bit of a noob here, thanks for your understanding in advance :)

The hardware: Fortiwifi 60f, FS148OE Switch.

The switch is connected via FortiLink and has been authorizes and is showing as online.

I have the gate with a few rules, a VLAN for the switch ports on 10.2.2.0/24

I have setup a IPSEC remote vpn (split).

The VPN can connect no problem and is getting IP and DNS from VPN (using Forti client).

My issue is that I can access network resources - cannot ping either way.

Let me know if more info is needed....

Policy as follows:

config firewall policy

edit 13

set name "vpn_IPSEC_VPN_remote_0"

set srcintf "IPSEC_VPN"

set dstintf "INSIDE_FortiSwitch" --->(10.2.2.0/24)

set action accept

set srcaddr "IPSEC_VPN_range"

set dstaddr "all"

set schedule "always"

set service "ALL"

set logtraffic all

set nat enable

set comments "VPN: IPSEC_VPN (Created by VPN wizard)"

THE VPN:

IP Version IP v4

Incoming Interface: VOIP_HQ_WAN (WAN-UFB)

Use system DNS in mode yes

Assign IP RANGE 10.2.2.220-10.2.2.228

SUBNET: 255.255.255.0

IPv4 Split Tunnel: yes

R_F · ‎12-12-2021

how about defining your static route? you can try as well SSL VPN as your tool for remote access.

destination: ipsec vpn net

gateway: 0.0.0.0

interface: IPSEC_VPN (VPN Tunnel name)

R_F · ‎12-12-2021

how about defining your static route? you can try as well SSL VPN as your tool for remote access.

destination: ipsec vpn net

gateway: 0.0.0.0

interface: IPSEC_VPN (VPN Tunnel name)

NZ-Tech · ‎12-13-2021

Thanks for that - worked a treat :)

R_F · ‎12-13-2021

good to hear it works on your end.

BDH · ‎04-05-2024

HOW that the destination is ipsec vpn net, in my case i cannt reach local network ressources do i need to put my local network on dest?

Nominate a Forum Post for Knowledge Article Creation