When a user VPN into a Fortigate Router , make sure they can access all Subnet available to the router not just the local one :<\/p>
Name :<\/strong>\u00a0SSL VPN to New Subnet<\/p> Incoming Interface :<\/strong> SSL-VPN tunnlel Interface ( ssl.root )\u00a0<\/p> Outgoing Interface<\/strong> – %Interface of Site to Site VPN for Remote Site%<\/p> Source :<\/strong> SSL VPN Client Range \/ SSLVPN_Users<\/p> Destination Address : %new subnet%<\/p> Schedule : Always<\/p> Service : ALl<\/p> Action : Accept<\/p> Nat : Enabled (\u00a0 to traverse IPsec VPN as local address (192.168.0.x) as opposed to SSL VPN client range (192.168.1.x)\u00a0<\/p> IP Pool Configuration : Use Dymanic IP Pool<\/strong> and\u00a0NAT Pool for SSL VPN Clients<\/strong><\/p> \u00a0<\/p> 2. \u00a0Make you have DHCP NAT pool\u00a0Range excluded from your onsite DHCP\u00a0<\/p> 3.Added New Subnet to routing address in SSL VPN portal \u2013 tunnel mode<\/strong><\/p> VPN – > SSL VPN Portals<\/p> Tunnel Mode -> Enable Split Tunnelings -> Routing Address\u00a0<\/p>","protected":false},"excerpt":{"rendered":" When a user VPN into a Fortigate Router , make sure they can access all Subnet available to the router not just the local one :Added security […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1527,1],"tags":[2052,2053,2049,1251,1250,2050,2051,1351],"class_list":["post-2633","post","type-post","status-publish","format-standard","hentry","category-networking","category-research","tag-access-second-subnet","tag-access-subnet-via-site-to-site-vpn","tag-dymanic-ip-pool","tag-fortigate","tag-fortinet","tag-nat-pool-for-ssl-vpn-clients","tag-routable","tag-vpn"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t