Re: Site to Site VPN combined with VPN client
Hi Harry - I also have a very similar (almost exact) issue as what you are describing. Site A, B, C are setup as a Hub/Spoke VPN configuration (I believe) - Site-A being the Hub and Site B & C are the Spokes. FortiClients remote into Site-A. These FortiClients can access resources (Servers) in Site-A as well as Site-B, however, they can NOT currently access the resources in Site-C. So, what you are trying to do, is done in this network. However, I need to also have these users be able to access the Server in Site-C. This issue only occurs with my Remote (FortiClient) users. The local users (on the LAN segment) at Site-A and Site-B can access the Server in Site-C.
I am currently, trying to figure this out for my client as well. I am currently trying to understand the behavior when the FortiClient remotes into each site, before I take any action. The FortiClients are on a different IP subnet (ex: 172.16.x.y/24) from the Internal/LAN employees (192.168.x.y/24) , so I will need to debug on how the "good" case works (find out which policies are being used) and apply similar policies/routes at Site-C and Site-A... at least this is my approach to finding out how it works between Site-A and Site-B. I will continue to monitor and post if I find anything. Good luck.