FortiClient can’t connect over dail-up VPN to remote site
After upgrading from 5.2.x or 5.4.x to 5.6.2 it is possible that FortiClient VPN connected clients can not access a remote site over VPN anymore from the FortiGate that they are connecting to.
The local LAN is accessible, but the remote LAN is not.
It seems there is a routing issue in the 5.6.2 OS. If you do
# execute traceroute <ip-address>
you will see the first IP adres beeing an IP address that is not defined in the Dail-up FortiGate.
You must add a static route at the remote site with the IP range of the IPsec client IP adresses.
With
# diagnose sniffer packet <interface> 'host <ip adress>'
you must see a ping request and reply on both the source FortiGate and the remote FortiGate.