SkyLite
New Contributor

VPN Client two way traffic

I configured VPN client access to my local network. This works fine; I can see and access the local network as configured within the incoming rules. Now I want to access the remote client from my local network, after closing the VPN. I created the rule to go out, but in vain; I can't reach the client. Where could I be wrong?

Thanks in advance

Regards 

Leo

Toshi_Esumi
Esteemed Contributor III

Do you have a route? If it's a dialup IPSec VPN, it would be automatically entered into the routing table, but if it's SSL VPN, you need to have a static route toward the ssl.root interface.

SkyLite

Yes, there is a route created automatically from the client IP/32 to 0.0.0.0 and with the VPN-Client_0 interface.

It's a dialup IPSec VPN.

theFWdude

Quick thought... Does the client have a firewall enabled? Next, I would trace route your connectivity back to your client on the IPSec VPN and see where that traffic is dying. If it's not the firewall on your client, it's your policy or your routing, methinks.

-TFWD

Toshi_Esumi
Esteemed Contributor III

I would sniff the traffic to see whether it's going into the tunnel or not. Depending on the model, you need to disable ASIC offloading in the policies for both directions with "set auto-asic-offload disable" to see everything in the sniffer.

AK
New Contributor

Hello,

Normally a VPN client connection is a dialup user connection.

This is a one-way connection.

When you close the VPN tunnel, your client must reconnect.

Regards

Andreas

SkyLite
New Contributor

Hi Andreas,

Is this by design or is there a workaround? I understand normally it's one way. But with some VPN client connections I need a two-way connection.

Hi Toshi,

The sniffer shows one-way traffic, from the client to the VPN site. That's okay.

When sniffing the other way around, from the VPN site to the client, it seems it wants to get out on the main interface, and not to the subinterface VPN-Client.

Tried to add some more routes, but the subinterface VPN-Client doesn't appear when creating the static route.

What type of routes can I configure to get the traffic to go out on the VPN subinterface?

With regards

Leo
