Allow traffic from ssl-vpn to enter ipsec tunnel on fortigate
we configured our FortiGate 50B to route traffic from our local net 192.168.10.* (which is our office) to a remote network 172.29.112.* using an ipsec tunnel. Everything works fine as long my computer has an ip from 192.168.10.*.
We can also connect to the office network from at home using a ssl vpn connection. Once connected we receive an ip from 10.41.41.*.
Now I want to allow the traffic flow from 10.41.41.* to 172.29.112.* just like it does from the office network.
Could somebody point me in the right direction what I would need to do?
Thanks, Sascha
I had this same situation and fixed it by doing adding the policy from the SSL.vpn interface to the IPsec tunnel interface and then from the IPsec tunnel interface back to the SSL.vpn interface. The issue is what interfaces the traffic is allowed on. It will not hairpin to an interface that is not defined in a policy.
I'm in your same situation.
This is what I tried but didn't work (All IPs are an example and were taken from your question):
NAT to a Virtual IP (192.168.10.200) all traffic coming from SSLVPN (10.41.41.) and going to IPSEC (172.29.112.) So all SSLVPN traffic is being translated to an internal IP which should go trough the tunnel fine. By this way we could avoid modified IPSEC destination but didn't work.
The only way is to add in both IPSEC sides our SSLVPN network (10.41.41.*), as Alex said so all traffic would be routed fine