FortiClient VPN - Connects ok, BUT No Remote Access & No Internet

Author
ThePro
2018/08/03 08:33:01


I have a remote user that for an unknown reason started to have issues connecting remotely.
 
No changes were made on the Fortigate. According to the user, no changes on the remote user side network either (same ISP, same router). Prior to the issue they had been connecting daily without any issues since it was set up months ago.
 
FortiClient connects but I lose Internet access and I can't ping the devices at the main office. I also noticed that I don't get an IP assigned.
 
I already restarted the Fortigate and deleted and recreated the FortiClient VPN.
 
Office/Fortigate network/subnet is 10.10.10.0
Remote site's network/subnet is 10.0.0.0
 
I have experienced issues in the past with overlapping subnets with FortiClient, but in those cases the device connecting remotely didn't lose Internet access, it just had issues accessing some devices at the office if some IP overlapped. They have been working fine for months.
 
Could it be issues with the subnets? Something else?
#1
Toshi Esumi
Re: FortiClient VPN - Connects ok, BUT No Remote Access & No Internet 2018/08/03 08:58:08
Is the tunnel supposed to split (local internet) or go over the tunnel and get out to the internet from the FGT? Check the routing table on the client device (PC, Mac, etc.) depending on split-tunnel set up.
#2
ThePro
Re: FortiClient VPN - Connects ok, BUT No Remote Access & No Internet 2018/08/03 10:15:46
toshiesumi wrote:
"Is the tunnel supposed to split (local internet) or go over the tunnel and get out to the internet from the FGT? Check the routing table on the client device (PC, Mac, etc.) depending on split-tunnel set up."

I have split-tunnel enabled.
#3
Toshi Esumi
Re: FortiClient VPN - Connects ok, BUT No Remote Access & No Internet 2018/08/03 12:08:17
Then it's a problem on the client side if it loses internet. Something must have changed on the device or the FortiClient.
For the access problem over the tunnel, again, you should check those specific routes are actually inserted into the routing table.
#4
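Added example, not posted by anyone in this thread: a small Python check of a client routing table for the things the reply above asks about (a default route for local internet, the split-tunnel route to the office, and a local network that overlaps the office subnet). It assumes a Windows client (`route print -4` column layout) and a /24 office mask; the two tables, their masks, gateways and the tunnel address are constructed samples, since the thread gives only 10.10.10.0 and 10.0.0.0.

```python
import ipaddress

# Constructed `route print -4` rows: destination, netmask, gateway, interface, metric.
# Masks, gateways and the tunnel address are assumptions, not values from the thread.
HEALTHY = """
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.25     25
         10.0.0.0    255.255.255.0          On-link        10.0.0.25    281
       10.10.10.0    255.255.255.0     10.212.134.1   10.212.134.200      1
"""
# Tunnel shows "connected" but no routes were installed, default route is gone,
# and the local LAN is configured as a /8.
BROKEN = """
         10.0.0.0        255.0.0.0          On-link        10.0.0.25    281
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) tuples; skip non-route lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            routes.append((net, fields[2], fields[3], int(fields[4])))
        except ValueError:
            continue  # header or malformed row
    return routes

def lookup(routes, dest):
    """Longest-prefix match, lowest metric on ties; None when nothing matches."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def diagnose(text, office="10.10.10.0/24"):
    routes, office_net = parse_routes(text), ipaddress.ip_network(office)
    findings = []
    if lookup(routes, "192.0.2.1") is None:  # TEST-NET-1 stands in for an internet host
        findings.append("no default route")
    if not any(net == office_net and gw != "On-link" for net, gw, _, _ in routes):
        findings.append("split-tunnel route missing")
    for net, gw, _, _ in routes:
        if gw == "On-link" and net != office_net and net.overlaps(office_net):
            findings.append(f"local {net} overlaps office {office_net}")
    return findings

if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(name, diagnose(table) or "ok", "->", lookup(parse_routes(table), "10.10.10.10"))
```

In the broken table a packet for 10.10.10.10 matches only the on-link 10.0.0.0/8 entry, so it stays on the local LAN instead of entering the tunnel.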
ThePro
Re: FortiClient VPN - Connects ok, BUT No Remote Access & No Internet 2018/08/03 20:07:32
I don't think it's specifically on the client's side. I have configured the VPN on a few workstations afterwards and some work, others don't.
 
For those that don't, I notice the VPN connects, but in the FortiClient window it doesn't have an IP assigned (it appears blank).
#5
Toshi Esumi
Re: FortiClient VPN - Connects ok, BUT No Remote Access & No Internet 2018/08/03 22:37:11
You need to run debugging on the FGT when it fails. If IPsec, "diag debug app ike -1". If SSL VPN, "diag debug app sslvpn -1".
#6
suneerkadooran
Re: FortiClient VPN - Connects ok, BUT No Remote Access & No Internet 2020/07/05 03:53:49
Dear,
You have to create an IPv4 policy from your VPN interface to the WAN interface.
source=vpn interface
destination=wan interface
allow all,
please try it.
#7