AnsweredHot!Share head office internet for remote office through exist IPsec VPN

Author
TJNIHAL
Bronze Member
  • Total Posts : 32
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/02/03 03:46:19
  • Status: offline
2019/04/21 22:27:14 (permalink)
0

Share head office internet for remote office through exist IPsec VPN

Hi, 

I have a existing IPsec tunnel between head office (FG60E) and remote office (FG60D) for file sharing. At the moment existing tunnel is working fine from both side.

Both device has v5.6.2 build1486
 
Now I got a requirement to route all the internet traffic from remote office device to head office device through existing tunnel. 
 
I followed this configuration [link=https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-ipsecvpn/Internet_Browsing_Config/Config_Overview.htm]https://help.fortinet.com...ig/Config_Overview.htm[/link] but internet is not working

  1. Create one security policy
       2. Edit the default route in remote device to traffic internet through IPsec Interface

Once I change the default route in remote device, all the traffic pass through VPN interface but internet is not working maybe not passing through head office device. 

I am not expert the firewall, Any guidance appreciated 
Thanks.
#1
Jirka
Gold Member
  • Total Posts : 121
  • Scores: 4
  • Reward points: 0
  • Joined: 2014/07/09 11:34:53
  • Location: Czech Republic
  • Status: offline
Re: Share head office internet for remote office through exist IPsec VPN 2019/04/22 00:22:26 (permalink) ☼ Best Answerby TJNIHAL 2019/04/22 02:08:30
5 (1)
Hey,

-do you have the policy incl. NAT on FGT HQ for remote branch subnet?
-do you have a right subnet (0.0.0.0/0) in Phase 2 in IPsec VPN?
 
Jirka
#2
TJNIHAL
Bronze Member
  • Total Posts : 32
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/02/03 03:46:19
  • Status: offline
Re: Share head office internet for remote office through exist IPsec VPN 2019/04/22 02:08:14 (permalink)
0
Hi Jirka,

Thank you for your response, I have not updated the Phase 2 address. Once I updated to 0.0.0.0/0.0.0.0 now all the route is passing through IPsec VPN and internet is working. 

Thank you again.
#3
Jump to:
© 2019 APG vNext Commercial Version 5.5