I have a FortiGate 90B(?) running 5.4. wan1 is set to a publicly reachable address. Our internal network is 192.168.100.0.
I can connect over IPsec, and I can reach the gateway, which is the bastion at 192.168.100.1 once connected, but I cannot traverse the internal network or reach the Internet through the gateway. I gave up on split tunneling until I can figure this out. The VPN is set up as:
config vpn ipsec phase1-interface
    edit "IPSEC_Cisco"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        set peertype one
        set mode-cfg enable
        set proposal aes256-md5 aes256-sha1
        set dhgrp 2
        set wizard-type dialup-cisco
        set xauthtype auto
        set authusrgrp "vpnUsers"
        set peerid "linux"
        set ipv4-start-ip 192.168.100.170
        set ipv4-end-ip 192.168.100.180
        set ipv4-netmask 255.255.255.0
        set dns-mode auto
        set ipv4-split-include "all"
        set psksecret ENC [key]
    next
end
Phase 2:
config vpn ipsec phase2-interface
    edit "IPSEC_Cisco"
        set phase1name "IPSEC_Cisco"
        set proposal aes256-md5 aes256-sha1
        set pfs disable
        set keepalive enable
    next
end
config firewall policy
    edit 17
        set name "IPSEC_Cisco_Internet"
        set uuid e8bc5412-ab3d-51e6-db87-ba2ff7d3aea2
        set srcintf "IPSEC_Cisco"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 18
        set name "IPSEC_CISCO_internal"
        set uuid bbe449ee-ac0b-51e6-de02-0ec32669842e
        set srcintf "IPSEC_Cisco"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
I have tried everything I know, which isn't much. Any insight is appreciated.
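As an added example (not part of the original post, and not Fortinet code), here is a small lint script that parses the CLI excerpt above and flags the settings a reviewer would question before touching anything else: the client pool sitting inside the LAN subnet, aggressive mode with a pre-shared key, MD5 and DH group 2 in the proposals, PFS disabled in phase 2, and NAT enabled on the tunnel-to-LAN policy. The `config vpn ipsec phase1-interface` header and the `end` lines are assumptions, since the post omits them; the LAN subnet 192.168.100.0/24 and the interface names come from the post. The parser is generic for `config/edit/set/next/end` text, so it can be pointed at a fuller `show` dump.

```python
"""Lint a FortiOS dial-up IPsec config for the mistakes a reviewer looks for."""
import ipaddress
import shlex

# From the post: the office LAN behind the "internal" interface.
LAN_SUBNET = ipaddress.ip_network("192.168.100.0/24")

# Trimmed copy of the poster's config. The 'config vpn ipsec phase1-interface'
# header and the 'end' lines are assumptions; the post omits them.
CONFIG = """
config vpn ipsec phase1-interface
    edit "IPSEC_Cisco"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        set mode-cfg enable
        set proposal aes256-md5 aes256-sha1
        set dhgrp 2
        set ipv4-start-ip 192.168.100.170
        set ipv4-end-ip 192.168.100.180
        set ipv4-netmask 255.255.255.0
        set ipv4-split-include "all"
        set psksecret ENC [key]
    next
end
config vpn ipsec phase2-interface
    edit "IPSEC_Cisco"
        set phase1name "IPSEC_Cisco"
        set proposal aes256-md5 aes256-sha1
        set pfs disable
    next
end
config firewall policy
    edit 17
        set srcintf "IPSEC_Cisco"
        set dstintf "wan1"
        set action accept
        set nat enable
    next
    edit 18
        set srcintf "IPSEC_Cisco"
        set dstintf "internal"
        set action accept
        set nat enable
    next
end
"""


def parse_fortios(text):
    """Return {table: {entry: {key: [values]}}} for config/edit/set/next/end CLI text."""
    tables, stack, current = {}, [], None
    for line in text.splitlines():
        tok = shlex.split(line)          # strips quotes, splits on whitespace
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "edit":
            current = (" ".join(stack), tok[1])
            tables.setdefault(current[0], {})[current[1]] = {}
        elif tok[0] == "set" and current:
            tables[current[0]][current[1]][tok[1]] = tok[2:]
        elif tok[0] == "next":
            current = None
        elif tok[0] == "end" and stack:
            stack.pop()
    return tables


def lint(tables, lan=LAN_SUBNET, lan_intf="internal", wan_intf="wan1"):
    """Return a list of (code, message) findings; an empty list means nothing flagged."""
    out = []
    p1s = tables.get("vpn ipsec phase1-interface", {})
    for name, p1 in p1s.items():
        if p1.get("mode") == ["aggressive"] and "psksecret" in p1:
            out.append(("AGGRESSIVE_PSK", f"{name}: aggressive mode with a PSK sends the ID in clear and "
                        "lets an observer (or anyone who knows the ID) capture a hash crackable offline"))
        if any("md5" in p for p in p1.get("proposal", [])):
            out.append(("WEAK_HASH", f"{name}: MD5 offered in the phase1 proposal"))
        if set(p1.get("dhgrp", [])) & {"1", "2", "5"}:
            out.append(("WEAK_DH", f"{name}: DH group {p1['dhgrp']} is under 2048 bits; use 14 or higher"))
        lo, hi = p1.get("ipv4-start-ip"), p1.get("ipv4-end-ip")
        if lo and hi and any(ipaddress.ip_address(a[0]) in lan for a in (lo, hi)):
            out.append(("POOL_OVERLAPS_LAN", f"{name}: client pool {lo[0]}-{hi[0]} lies inside {lan}; "
                        "the FortiGate must proxy-ARP for clients on the LAN, so prefer a dedicated subnet"))
    for name, p2 in tables.get("vpn ipsec phase2-interface", {}).items():
        if p2.get("pfs") == ["disable"]:
            out.append(("PFS_DISABLED", f"{name}: PFS disabled in phase2"))
    policies = list(tables.get("firewall policy", {}).values())
    for name in p1s:
        to_lan = [p for p in policies if name in p.get("srcintf", []) and lan_intf in p.get("dstintf", [])]
        if not to_lan:
            out.append(("NO_LAN_POLICY", f"{name}: no policy from the tunnel to {lan_intf}"))
        if any(p.get("nat") == ["enable"] for p in to_lan):
            out.append(("NAT_TO_LAN", f"{name}: NAT enabled toward {lan_intf}; LAN hosts see the "
                        "FortiGate's address, not the client's, which hides who did what in LAN-side logs"))
        if not any(name in p.get("srcintf", []) and wan_intf in p.get("dstintf", [])
                   and p.get("nat") == ["enable"] for p in policies):
            out.append(("NO_WAN_NAT", f"{name}: no NATed policy from the tunnel to {wan_intf}"))
    return out


if __name__ == "__main__":
    for code, msg in lint(parse_fortios(CONFIG)):
        print(f"{code:18} {msg}")
```

Run it as-is to see the findings for the posted config; paste a full `show vpn ipsec phase1-interface` / `show firewall policy` dump into `CONFIG` to lint a real box. The pool-overlap finding is the one to look at first for the traversal problem, because it is the only one that affects whether LAN hosts can answer the clients; the crypto findings are independent hardening items for a tunnel terminated on a public wan1.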