Avatar of Arie Lavi
Arie LaviFlag for Israel

asked on 

SSL VPN to IPsec

Hi all,
I have a FW problem,
I've got two fortigate firewalls connected by IPsec VPN which is working great. users can connect to the main site also with SSL VPN. The problem is that when an SSL VPN user can't get to the remote site computes,
The main site address is,
The remote site address is
The SSL VPN address is 172.16.0.(100-110).
The phase 2 in the IPsec VPN is configurd with and I've tried all the policies from the cookboos I could find but I still can't get it to work. The SSL Tunnel is split and the remote site address is configure in it.
What am I doing wrong?
Is there any suggestions on how can I resolve it?

Thanxs in advance
* FortigateInternet Protocol SecurityVPN

Avatar of undefined
Last Comment
Avatar of John
Flag of Canada image

I am not familiar with the Fortigate but using Cisco, I would set up two different tunnels - one for IPsec and one for SSL.  Did you set up a separate tunnel for the SSL users?
Avatar of Qlemo
Flag of Germany image

The general issue with such connections is that they need to use "hairpinning" - receiving, decryping, encrypting and sending all on the same interface. That is not as simple as it looks like ;-):

The FortiGate has good tracing capabilities, starting with policy logging and traffic logging.
I would start with a traceroute on the client to "remote site". This should show if the SSL VPN is passed at all.
Then switch on logging for both concerned policies - the dial-in one and the site-2-site, then send one or more pings, and check the logs.
Avatar of Sandeep Gupta
Sandeep Gupta
Flag of India image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Qlemo
Flag of Germany image

Arie Lavi, you cannot be serious by accepting that last comment.
It is important that you choose comments really being at least part of the solution.

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo