I have two FortiGates here, one at each site.

    Site A                                     Site B
    192.168.2.0/24 <---------- VPN --------> 192.168.10.0/24

Employees connect to site A via PPTP and can only reach that site, not site B.
The IPsec tunnel between site A and site B works fine, and I can also establish a VPN connection to site A from any PPTP client, but I cannot reach site B.
```
config firewall policy
    edit 5
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Local_LAN"
        set dstaddr "Remote_LAN"
        set action ipsec
        set schedule "always"
        set service "ANY"
        set inbound enable
        set outbound enable
        set vpntunnel "tunnel"
    next
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
    edit 50
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "PPTP"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
    edit 4
        set srcintf "wan1"
        set dstintf "wan1"
        set srcaddr "PPTP"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
end
```
Does anyone know which policies I need to set up to make this work? Thanks.

Update:

Traceroute from 192.168.2.1 (site A router) to 192.168.10.1 (site B router):
```
traceroute to 192.168.10.1 (192.168.10.1), 32 hops max, 72 byte packets
 1  192.168.10.1  33.596 ms  33.415 ms  32.957 ms
```
Traceroute from a PPTP client to the site B router:
```
traceroute to 192.168.10.1 (192.168.10.1), 64 hops max, 52 byte packets
 1  192.168.2.160 (192.168.2.160)  37.521 ms  33.914 ms  33.654 ms
 2  h254.s98.ts.hinet.net (168.95.98.254)  58.420 ms  50.837 ms  49.903 ms
 3  tp-s2-c6r11.router.hinet.net (168.95.82.46)  49.852 ms  50.701 ms  51.416 ms
 4  tpdt-3011.hinet.net (220.128.3.114)  54.643 ms  56.940 ms  58.699 ms
 5  tpdb-3101.hinet.net (220.128.14.241)  51.098 ms  52.266 ms  50.028 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
```
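To see why the second traceroute leaves through the ISP instead of the tunnel, here is an added walkthrough (not the poster's configuration and not FortiGate code) that evaluates the four policies above top-down, the way FortiOS does, for a site A host and for a PPTP client. It assumes a PPTP client pool of 192.168.2.160/28, that PPTP sessions terminate on wan1, and that the remote LAN has no route of its own so the lookup falls to the default route (policy-based IPsec); policy 6 in `CANDIDATE` is hypothetical, included only to show how the match changes.

```python
import ipaddress

# Address objects. Local_LAN and Remote_LAN are the subnets stated in the
# post; the PPTP client pool is not given there, so 192.168.2.160/28 is an
# assumed value used only to make the walkthrough runnable.
ADDR = {
    "all": ipaddress.ip_network("0.0.0.0/0"),
    "Local_LAN": ipaddress.ip_network("192.168.2.0/24"),
    "Remote_LAN": ipaddress.ip_network("192.168.10.0/24"),
    "PPTP": ipaddress.ip_network("192.168.2.160/28"),  # assumed pool
}
# Routing table as (prefix, egress interface). Assumption: the remote LAN has
# no route of its own (policy-based IPsec), so it falls to the default route.
ROUTES = [("192.168.2.0/24", "internal"), ("0.0.0.0/0", "wan1")]
# Policies in the order the post lists them; FortiOS walks them top-down and
# takes the first match, so sequence matters and the numeric id does not.
# Tuple: (id, srcintf, dstintf, srcaddr, dstaddr, action)
POLICIES = [
    (5, "internal", "wan1", "Local_LAN", "Remote_LAN", "ipsec"),
    (1, "internal", "wan1", "all", "all", "accept+nat"),
    (50, "wan1", "internal", "PPTP", "all", "accept+nat"),
    (4, "wan1", "wan1", "PPTP", "all", "accept+nat"),
]
# Hypothetical policy 6: same PPTP-on-wan1 traffic, but only to Remote_LAN,
# action ipsec, placed ahead of the catch-all policy 4.
CANDIDATE = (POLICIES[:3]
             + [(6, "wan1", "wan1", "PPTP", "Remote_LAN", "ipsec")]
             + POLICIES[3:])

def egress_intf(dst):
    """Longest-prefix match over ROUTES; the result is the packet's dstintf."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), i) for p, i in ROUTES
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def lookup(policies, srcintf, src, dst):
    """Return (id, action) of the first matching policy, or None (implicit deny)."""
    dstintf = egress_intf(dst)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pid, si, di, sa, da, action in policies:
        if si == srcintf and di == dstintf and src in ADDR[sa] and dst in ADDR[da]:
            return pid, action
    return None

if __name__ == "__main__":
    # Site A host -> site B: caught by policy 5 and sent into the tunnel.
    print(lookup(POLICIES, "internal", "192.168.2.1", "192.168.10.1"))
    # PPTP client (arrives on wan1) -> site B: dstintf is wan1 via the default
    # route, so policy 50 misses and policy 4 NATs the packet out to the ISP,
    # which is exactly what the second traceroute shows.
    print(lookup(POLICIES, "wan1", "192.168.2.161", "192.168.10.1"))
    print(lookup(CANDIDATE, "wan1", "192.168.2.161", "192.168.10.1"))
```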