Helpful ReplyHot!FortiClient Default Gateway IPsec

Author
itx86
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/02/18 03:27:33
  • Status: offline
2019/02/18 03:38:18 (permalink)
0

FortiClient Default Gateway IPsec

Hello guys, I am facing the following challenge and can't get any further. I hope you can help me.
 
I want to connect a VPN between a virtual server (hosted Windows Server 2016) and a data center.
The virtual server has no VPN capability.
With FortiClient I was able to establish the connection to the data center via IPSec,
but it takes the IP of the data center when it goes out to the Internet.

What do I have to change or how do I get it that he keeps his IP?
Or is there another way, I have a FortiGate 50E in the datacenter.

Thank you very much for your help.


#1
SteveG
Gold Member
  • Total Posts : 165
  • Scores: 12
  • Reward points: 0
  • Joined: 2014/11/19 00:26:22
  • Status: offline
Re: FortiClient Default Gateway IPsec 2019/02/18 08:01:49 (permalink)
5 (1)
If I understand what you're asking you need to configure the VPN for Split Tunneling and specify the CIDR ranges you'd like to send via the FortiClient VPN.
#2
itx86
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/02/18 03:27:33
  • Status: offline
Re: FortiClient Default Gateway IPsec 2019/02/18 11:24:16 (permalink)
0
Hi Steve, thank you so much for the answer.
Yes, I checked that as a test, but nothing has changed.
Where do I set the CIDR? What must I enter, can you please give me an example.
Do I have to consider or change the configuration of IPv4 Policy or Forticlient App?
(screenshot in the attachment)

Thanks for your help.
 

Attached Image(s)

#3
SteveG
Gold Member
  • Total Posts : 165
  • Scores: 12
  • Reward points: 0
  • Joined: 2014/11/19 00:26:22
  • Status: offline
Re: FortiClient Default Gateway IPsec 2019/02/18 15:13:13 (permalink) ☄ Helpfulby itx86 2019/02/19 05:03:33
5 (1)
Thanks for the screenshot, it really helps. Under "Accessible Networks" enter the network range you want to access via the VPN, for example 10.0.0.0/8.
 
This doc provides an example config
 
https://kb.fortinet.com/kb/viewContent.do?externalId=FD36253
 
The part you need is 
    set ipv4-split-include "Internal_Network"     /* Local protected network that the remote dial-up IPsec clients reach */
   
post edited by SteveG - 2019/02/18 15:15:55
#4
itx86
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/02/18 03:27:33
  • Status: offline
Re: FortiClient Default Gateway IPsec 2019/02/19 03:35:07 (permalink)
0
Thank you, that was the solution. You saved my day, thank you Steve. :-))
#5
SteveG
Gold Member
  • Total Posts : 165
  • Scores: 12
  • Reward points: 0
  • Joined: 2014/11/19 00:26:22
  • Status: offline
Re: FortiClient Default Gateway IPsec 2019/02/19 03:50:14 (permalink)
5 (1)
Excellent :-)
#6
Jump to:
© 2019 APG vNext Commercial Version 5.5