Solved

Fortigate 50B Remote Client VPN Setup

Posted on 2010-09-09
6
2,788 Views
Last Modified: 2012-05-10
I am trying to setup a remote user VPN, and no matter what i do, the clients can connect but they cannot the internal network when doing so. I created phase1/phase 2, and assigned a DHCP of 192.168.4.x to remote users, and my internal lan subnet is 192.168.5.x. They are authenticated but cannot reach anything in the 5.x subnet. I created a firewall policy to allow traffic from the WAN to the Internal LAN, and also from 192.168.4.x to 192.168.5.x, not sure what else to do at this point
0
Comment
Question by:Cobra25
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 5

Expert Comment

by:2Cs
ID: 33644858
No familiar with Fortigate but you need a network translation rule to say that 192.168.4.xxx are on the same network as 192.168.5.xxx.

What rule have you created? What ports, protocols, etc. does it allow?

Al
0
 
LVL 5

Expert Comment

by:2Cs
ID: 33644859
*network address translation (NAT)
0
 
LVL 4

Expert Comment

by:iworks-uworks
ID: 33648399
Are you trying to complete a site-to-site VPN? Or a user dial-up VPN?
Can you post a screen shot of your policy setup?
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 4

Author Comment

by:Cobra25
ID: 33648406
Its a user dial up VPN.

I got it working, by turning off the IP-Sec VPN.
0
 
LVL 4

Accepted Solution

by:
Whiterat earned 500 total points
ID: 33651337
As far as I recall, Dialup IPSEC tunnels are created as a separate interface/zone.

i.e if the Phase1 of the dialup tunnel is called "DIALUP" then you must make a policy from the interface "DIALUP to LAN and vice versa.
0
 
LVL 4

Author Closing Comment

by:Cobra25
ID: 33666816
Sounds about right
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA 5520 problem with Failover in Active/Standby 8 132
SonicWall Max Connection Setting 7 44
Factory Reset of Juniper SSG20 2 42
Objects in Cisco ASA 2 7
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question