Created on 07-28-2005 12:00 AM
Description | Using proxy-ARP for VPN dial-in FortiClients |
Components |
|
Steps or Commands | A remote VPN user can now be configured to use an IP address within the same subnet that he is attempting to connect to. This requires that the main FortiGate unit perform proxy-ARP responses on behalf of these remote dial-in clients. In order for this proxy-ARP functionality to work, the IP address on the FortiClient must be obtained via DHCP-over-IPSec. For information on how to configure DHCP-over-IPsec between a FortiClient and a FortiGate unit, see the Fortinet Knowledge Base articles DHCP over IPSec using FortiClient and Dialup-client IPSec VPN Example Technical Note. The following FortiGate debug commands can be used to confirm that the VPN connection has been enabled with proxy-ARP: Fortigate # diag deb appl dhcprelay 255 Fortigate # diag sys dev list root |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.