Can connect to SSL VPN with FortiClient, but no access to internal network

Author
Khuong Nguyen
2020/02/26 00:43:19 (permalink)
0

Can connect to SSL VPN with FortiClient, but no access to internal network

Hi Everyone,
Currently, I am using a Fortigate 100D firewall. From another remote computer I connect to the VPN; I can connect but I cannot access the local network.
If you use another wifi network, you can access the internal network. 
When I checked the connection, I found it only reached the WAN IP of the Fortigate, without seeing the IP gateway.
Please give me a solution.
Thank you very much.
#1


    sw2090
    Re: Can connect to SSL VPN with FortiClient, but no access to internal network 2020/02/26 04:20:22 (permalink)
    5 (1)
    Hm, for this we need some more info.
     
    Did you enable split tunneling on that VPN?
    If not, this will set up a second default route on your client upon dialling in successfully.
    According to the metric of the default routes, this may result in what you get (or not get).
    Because the lowest metric serves first, traffic to your internal subnet that should go over the VPN might take the wrong way and so will not reach its destination.
    If you enable split tunneling, your client's default route will not be touched and a static net route for every subnet specified in split tunneling on the FGT will be rolled out upon dialling in. This is unique then and cannot go the wrong way.
     
    You could check this either by deleting your default routes and then setting only one up for the tunnel - or by manually adding a net route for the internal subnet on the client with the correct gateway.
     
    I encountered this several times while setting up VPN IPsec tunnels during the last weeks, especially on Windows clients.
    post edited by sw2090 - 2020/02/26 04:21:29
    #2
    Toshi Esumi
    Re: Can connect to SSL VPN with FortiClient, but no access to internal network 2020/02/26 14:03:01 (permalink)
    5 (1)
    In the case of split tunneling, the first thing you need to check is whether the client machine pulled the internal network prefixes into the routing table or not, in order to isolate the issue to either the FGT side or the client side. With Windows, "route print"; with Mac, "netstat -nr".
    #3
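The routing check described in replies #2 and #3, as an added example that is not part of the original thread: it parses Windows `route print` IPv4 rows, tests whether the internal prefix was installed, and picks the route a packet would take (longest prefix first, then lowest metric). All addresses and both routing tables are constructed sample data, and the internal subnet 10.0.10.0/24 is an assumption.

```python
import ipaddress
import re

# Constructed `route print` excerpts (all addresses are made-up examples).
FULL_TUNNEL = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
          0.0.0.0          0.0.0.0   10.212.134.201  10.212.134.200     50
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
"""
SPLIT_TUNNEL = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
        10.0.10.0    255.255.255.0   10.212.134.201  10.212.134.200      1
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
"""

ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$")

def parse_routes(text):
    """Return a list of (network, gateway, interface, metric) from IPv4 rows."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gw, iface, int(metric)))
    return routes

def has_prefix(routes, prefix):
    """True if the exact internal prefix was pulled into the routing table."""
    return any(net == ipaddress.ip_network(prefix) for net, *_ in routes)

def best_route(routes, dest):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]), default=None)

if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        routes = parse_routes(table)
        net, gw, iface, metric = best_route(routes, "10.0.10.5")
        print(f"{name}: 10.0.10.0/24 installed={has_prefix(routes, '10.0.10.0/24')}, "
              f"10.0.10.5 leaves via {iface} (gateway {gw}, metric {metric})")
```

In the first table the internal destination follows the local default route because its metric is lower than the tunnel's; in the second the pushed /24 route wins regardless of the default route's metric.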
    isamt
    Re: Can connect to SSL VPN with FortiClient, but no access to internal network 2020/03/01 03:07:33 (permalink)
    5 (1)
    The first thing you should check is that you have a rule for interface ssl.root to your LAN interface.
     
    If you want all VPN users' traffic, including Internet browsing, to pass over the tunnel, then do not enable split tunnelling.
    If you want VPN users to be able to use their local Internet line for browsing, then you will need split tunnelling.
     
    In your case I believe the issue is you have no policy configured to allow the VPN client access to your LAN.
    #4