Connection to LAN interface over IPSEC tunnel

Hello all,
I have a RUT901 VPN modem and established a VPN tunnel with IPSEC.
But I can’t access the equipment on the LAN side.
The network setup is as follows:

Support → Fortinet VPN → Internet → RUT901 over 4G → LAN interface → equipment

This is a ping response from the support department to the equipment with IP 172.16.12.2

Here is a screenshot of a part of the IPSEC setup

The IP address of the LAN interface = 172.16.12.1
I can ping 172.16.12.2 on the LAN from the RUT901 unit.
Do I have to create a route between the IPSEC tunnel and the local LAN interface?

Kind Regards,
Remon Vleugel

Hello,
The “Local subnet” field should be set to 172.16.12.0/24 not /32.
Idem for the “Remote subnet” at the Fortinet end, set it to 172.16.12.0/24.
Regards,
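
The subnet advice in the reply above, as an added example that is not part of the original thread: a small check that the RUT "Local subnet" and the Fortinet "Remote subnet" are the same network and that both cover the LAN host being pinged. The function name `check_tunnel` is hypothetical, and the value `172.16.12.1/32` is an assumed /32 entry, since the thread only says the field was set to /32.

```python
from ipaddress import ip_address, ip_network


def check_tunnel(rut_local, fortinet_remote, lan_hosts):
    """Compare the two ends' traffic selectors for the RUT LAN.

    rut_local       -- "Local subnet" entered on the RUT
    fortinet_remote -- "Remote subnet" entered on the Fortinet
    lan_hosts       -- LAN addresses that must be reachable through the tunnel
    Returns a list of human-readable findings; an empty list means consistent.
    """
    findings = []
    # strict=False lets an interface-style entry such as 172.16.12.1/24
    # be read as the network 172.16.12.0/24.
    local = ip_network(rut_local, strict=False)
    remote = ip_network(fortinet_remote, strict=False)

    # Both ends must describe the same network for this side of the tunnel.
    if local != remote:
        findings.append(
            f"selector mismatch: RUT local {local} vs Fortinet remote {remote}"
        )

    # Every host that should be reachable must fall inside both selectors.
    for host in lan_hosts:
        addr = ip_address(host)
        for name, net in (("RUT local", local), ("Fortinet remote", remote)):
            if addr not in net:
                findings.append(f"{host} not covered by {name} {net}")
    return findings


if __name__ == "__main__":
    # Constructed inputs: an assumed /32 entry, then the corrected /24.
    for rut, forti in (("172.16.12.1/32", "172.16.12.0/24"),
                       ("172.16.12.0/24", "172.16.12.0/24")):
        result = check_tunnel(rut, forti, ["172.16.12.2"])
        print(rut, forti, result or "OK")
```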

Thanks for the quick response.
We have tried that as well.
But do I have to make a static route to the LAN? Or can I leave that at the default? Same for the firewall?

Kind regards,
Remon

Could you do a tcpdump on the RUT and a ping on the Fortinet at the same time:
tcpdump -i any -n -v 'icmp'
What is the output of tcpdump?
What is the default route of 172.16.12.2?

Hello flebourse.

I will try the tcpdump. Only the CLI is not working; I have enabled it in access control, but it gives a timeout. So I will try PuTTY now. Another problem is that the support side is in France and my company is in the Netherlands. The communication is not going that smoothly, but I will try.

I don’t know if the equipment has a standard gateway configured. That is also done by the people in France. Do we need a gateway? Do we need NAT?

I am not an expert in VPN and routing, sorry for that.

Regards,
Remon

Yes, you need to set the default gateway on all devices connected to the LAN. Should be the default if the addresses are assigned by DHCP.

Hello flebours.
The gateway = 172.16.12.1

When I was looking at the configuration of the LAN interface I found it was in bridge mode.
This bridges the LTE data connection with LAN. I think we won’t have that, it also disables most of the device’s capabilities.

Tomorrow I will arrange a new test with our friend from France.

Kind regards,
Remon

Hello Flebours,

The LAN was in bridged mode. After disabling this feature the VPN tunnel was working as expected.
Thanks for the quick response and input.

Kind regards,
Remon
