Ohop3n
New Contributor

SSL VPN through two Fortigates

Hello everybody,

 

I have a problem with looping through an SSL VPN connection. The goal should be to register via VPN to the first FortiGate and then to access the subnets of the second and third FortiGate.

Network construction: Modem with port forwarding of the VPN connection to the first FortiGate. Each FortiGate defines and routes its own subnets. The connection to the second / third FortiGate is created via a VLAN. RIPv2 runs on all FortiGates. On all FortiGates the addresses (subnets) of the other FortiGates are known.

 

From each subnet of a FortiGate, the subnets of the other FortiGates can be accessed. This works. The VPN connection from an external PC to the first FortiGate is established and access to its subnets works. However, I cannot reach the subnets of the other FortiGates over this VPN connection.

 

Where can I start with this? The whole thing is constructed as a ring network. Later, several FortiGates will be connected to the ring.

Any ideas?

 

 

1 Solution
Toshi_Esumi
SuperUser

You didn't mention the subnet of the "SSL-VPN" clients. Check at the 2nd and 3rd FGTs whether they've learned the route for that subnet via RIP. Then the rest would be a combination of "diag sniffer packet" and "diag debug flow" at each FGT; the common troubleshooting process for any routing problem. I'm assuming, of course, you already checked the routing table on the clients and that the routes for all subnets were there.

Ohop3n

Problem Solved!

 

The clients and FGTs had learned all routes. The missing piece was a static route at the 2nd and 3rd FGT from the SSL-VPN address back to the 1st FGT.

 

Thanks for the Help!
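
The checks and the fix discussed in this thread, written out as FortiOS CLI for the 2nd or 3rd FGT. This is an added example, not commands posted by either participant; the SSL-VPN pool 10.212.134.0/24, the client address 10.212.134.200, the 1st FGT's ring address 192.0.2.1 and the interface name "vlan_ring" are constructed placeholders.

```fortios
# Constructed placeholder values (not from the thread):
#   SSL-VPN client pool  : 10.212.134.0/24
#   test VPN client      : 10.212.134.200
#   1st FGT ring address : 192.0.2.1
#   ring VLAN interface  : "vlan_ring" (hypothetical name)

# 1. Is there a route back to the SSL-VPN pool on this FGT?
get router info routing-table details 10.212.134.0

# 2. Do packets from the VPN client arrive, and do replies leave
#    through the ring interface? (verbosity 4 prints the interface)
diagnose sniffer packet any 'host 10.212.134.200' 4

# 3. Trace how this FGT handles the client's packets.
diagnose debug reset
diagnose debug flow filter addr 10.212.134.200
diagnose debug flow trace start 10
diagnose debug enable
#    ... generate traffic from the VPN client, then stop the trace:
diagnose debug disable
diagnose debug reset

# 4. The fix from the thread: a static route for the SSL-VPN pool
#    that points back to the 1st FGT over the ring VLAN.
config router static
    edit 0
        set dst 10.212.134.0 255.255.255.0
        set gateway 192.0.2.1
        set device "vlan_ring"
    next
end

# 5. Confirm the route is now installed.
get router info routing-table details 10.212.134.0
```

The route only supplies the return path; the firewall policies on each FGT still decide which destinations the SSL-VPN pool may reach, so scope them to the subnets VPN users actually need.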
