IPSEC VPN Behind Router

Isinger
2019/02/02 06:36:40

Hello,
I have set up an IPsec VPN on my FortiGate 60E, which resides behind a router.
I used port forwarding of ports 500 and 4500 to the FortiGate WAN interface and allowed IPsec passthrough on my Linksys router.
 
I am using FortiClient to remotely access the VPN. I can connect to the LAN network and ping everything, and I can RDP to anything with no problem, but I can't use PuTTY SSH, access the web server, or connect to database ports.
 
I'm not sure what I am missing. If I use PuTTY to connect to my local server, the login screen appears but then the connection times out.

 
I used to do port forwarding from the router to the FortiGate firewall --> to the server using virtual IPs.
 
Any help will be appreciated.
#1


    Toshi Esumi
    Re: IPSEC VPN Behind Router 2019/02/03 16:34:35
    I would check the server if it has a route back toward your VPN client IP and if it's allowing SSH from the IP, which is different from your previous Virtual IP setup.
    #2
    Isinger
    Re: IPSEC VPN Behind Router 2019/02/04 00:31:27
    Dear Toshi,
    Thank you for your reply. Actually, I did try to add the route between the server and the VPN-IPSEC network, but it didn't work.
     
    The VPN-IPSEC subnet is 192.168.25.0, the LAN subnet is 192.168.45.x.
    So I added the route: route add -net 192.168.25.0 netmask 255.255.255.0 gw 192.168.45.X dev eth2
    SSH and server ports are allowed on the eth2 firewall (and I disabled the firewall for testing).
     
    What do you think?
    #3
    Toshi Esumi
    Re: IPSEC VPN Behind Router 2019/02/04 10:23:32
    Then, I would run Wireshark on the server and the sniffer on the FG60E to see how far the packets from the client are reaching, and if the server is replying. For sniffing, don't forget to disable auto-asic-offload on the incoming and outgoing policies.
    #4
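
The return-route check suggested in the first reply, as an added example that is not part of the original thread: it parses `route -n` output and does a longest-prefix match to show which gateway the server would use for replies to a VPN client, before and after the `route add` from the follow-up post. The routing table, the client address 192.168.25.10 and the gateway 192.168.45.1 (standing in for the 192.168.45.X in the post) are constructed assumptions.

```python
import ipaddress

# Constructed `route -n` output for a multi-homed Linux server (not from the thread).
# 192.168.45.1 is an assumed stand-in for the FortiGate LAN address (192.168.45.X).
ROUTES_BEFORE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.45.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2
"""
# Same table after the `route add -net 192.168.25.0 ...` command from the thread.
ROUTES_AFTER = ROUTES_BEFORE + (
    "192.168.25.0    192.168.45.1    255.255.255.0   UG    0      0        0 eth2\n"
)

def parse_route_n(text):
    """Return (network, gateway, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or not f[0][0].isdigit():
            continue  # skip the two header lines
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, ipaddress.ip_address(f[1]), f[7]))
    return routes

def return_path(routes, client_ip):
    """Longest-prefix match for replies to client_ip (metrics are ignored here)."""
    ip = ipaddress.ip_address(client_ip)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def check(route_text, client_ip, fortigate_lan_ip):
    """Report whether replies to the VPN client leave via the FortiGate."""
    best = return_path(parse_route_n(route_text), client_ip)
    if best is None:
        return "no route"
    net, gw, iface = best
    verdict = "ok" if str(gw) == fortigate_lan_ip else "asymmetric"
    return f"{verdict}: {net} via {gw} dev {iface}"

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, check(table, "192.168.25.10", "192.168.45.1"))
```

An "asymmetric" result means replies to the VPN client follow the default route out another interface instead of returning through the FortiGate, which is the condition the reply asks to rule out on the server.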