Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kaspervb
New Contributor

VPN routes are not advertised to client.

Hi all,

My setup (in basics): I have multiple Fortigate SG60 at different physical locations. I configured a site-to-site IPsec VPN between the Fortigate SG60 in the DC and all sites, which works fine (as far as I know). Let's call the DC site A.

Site A:

I have a MGMT VLAN in which multiple VMs reside. It is possible to ping from a VM in site A to site B, in other words, to ping the other side of the VPN tunnel.

I also have a dial-up VPN from my laptop to site A, which works fine. From my laptop it is now possible to enter the MGMT network. It is also possible to ping site B over the VPN; the routes are advertised. So far so good.

Now the problem: I recently added site C, a new Fortigate at a different physical location. The IPsec site-to-site VPN works fine, and it is possible to ping site C from a VM in the MGMT network in site A. What is not possible is to ping site C from my laptop (which is connected with the dial-up VPN). For some reason the routes to this site are not advertised by the Fortigate. When I start a traceroute from my laptop, it just tries to find site C on the public internet...

I added the same firewall rules and static routes as for site B (which is accessible from my laptop).

Now my question to you: does anyone have an idea what could be wrong? What kind of information (configs, tests, idk) would you like to see in order to get a grasp of the problem?

If someone has a clue, please share it with me!

Kind regards,

Kasper

1 Solution
bdavies
New Contributor II

I've had some similar troubles due to network numbering. If the local network you're connecting from matches the destination network i.e. both are 192.168.1.x, routes do not work properly. It tries to contact the local LAN gateway as you describe. The only fix I've found is to change the local network's numbering. In our case, it was the remote user's home LAN. Just adjusted their DHCP settings. Ideally, I will move our company network over to something less common in the future to avoid this.


kaspervb

Hi,

Thanks for your reply!

My local network is the 192.168.0.0/24 network, while the remote network that doesn't work (site C) is the 10.100.54.0/24 network.

Site B, which does work, is the 10.72.7.0/24 network. Strange, right? I added static routes for both sites.
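As an added example (not code from the thread, from Fortinet, or from either poster), the following Python builds a toy client routing table with longest-prefix-match lookup and reproduces the two situations discussed above: the original post's symptom, where the laptop holds no route for site C and the traffic falls through to the default route toward the internet, and bdavies's numbering clash, where the remote prefix is identical to the client's own LAN and the directly connected route wins. It also runs the overlap check bdavies describes against the prefixes kaspervb quotes. The 10.72.7.0/24, 10.100.54.0/24 and 192.168.0.0/24 prefixes are the ones in the thread; the MGMT VLAN prefix (10.0.0.0/24), the host addresses looked up and the next-hop labels are constructed placeholders.

```python
"""Added example: longest-prefix-match route lookup on a toy client
routing table, reproducing the symptoms discussed in the thread."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    via: str          # constructed label for the next hop / egress interface
    metric: int = 10  # tunnel routes default to 10; connected LAN uses 0


def lookup(table: list[Route], dst: str) -> Route | None:
    """Longest-prefix match; on equal prefix length the lowest metric wins,
    which is how a host prefers its directly connected LAN over a VPN route
    of the same length."""
    addr = ip_address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.metric))


def egress(table: list[Route], dst: str) -> str:
    """Name of the interface a packet to dst would leave through."""
    route = lookup(table, dst)
    return route.via if route else "unreachable"


def overlapping(local_lan: str, remote_nets: list[str]) -> list[str]:
    """The check from the accepted answer: which VPN destination prefixes
    collide with the client's own LAN prefix?"""
    lan = ip_network(local_lan)
    return [n for n in remote_nets if lan.overlaps(ip_network(n))]


def kasper_client_table(site_c_pushed: bool) -> list[Route]:
    """Laptop routing table as described in the thread: home LAN
    192.168.0.0/24, a default route to the ISP, and the routes the dial-up
    client received for the MGMT VLAN and site B.  The MGMT VLAN prefix is
    not given in the thread; 10.0.0.0/24 is an assumed placeholder."""
    table = [
        Route(ip_network("0.0.0.0/0"), "isp-gateway", metric=100),
        Route(ip_network("192.168.0.0/24"), "wifi (connected)", metric=0),
        Route(ip_network("10.0.0.0/24"), "ipsec-tunnel"),   # assumed MGMT VLAN
        Route(ip_network("10.72.7.0/24"), "ipsec-tunnel"),  # site B (works)
    ]
    if site_c_pushed:
        # What the client needs but, per the original post, never receives.
        table.append(Route(ip_network("10.100.54.0/24"), "ipsec-tunnel"))
    return table


def bdavies_client_table() -> list[Route]:
    """The numbering clash from the accepted answer: the remote user's home
    LAN and the destination network are both 192.168.1.0/24."""
    return [
        Route(ip_network("0.0.0.0/0"), "isp-gateway", metric=100),
        Route(ip_network("192.168.1.0/24"), "wifi (connected)", metric=0),
        Route(ip_network("192.168.1.0/24"), "ipsec-tunnel"),
    ]


if __name__ == "__main__":
    # Original post: with no route for site C, traffic goes to the internet.
    print(egress(kasper_client_table(False), "10.100.54.10"))
    # Once the client holds the site C prefix, it leaves via the tunnel.
    print(egress(kasper_client_table(True), "10.100.54.10"))
    # Accepted answer: equal-length prefixes, the connected LAN wins.
    print(egress(bdavies_client_table(), "192.168.1.20"))
    # kaspervb's prefixes do not collide, so that is not his cause.
    print(overlapping("192.168.0.0/24", ["10.72.7.0/24", "10.100.54.0/24"]))
```

The `overlapping` result being empty for kaspervb's prefixes is the useful check here: it rules out the accepted answer's cause for his case, leaving the missing site C route on the dial-up client as the thing to confirm (for example by comparing the client's routing table with and without the tunnel up).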
