IPsec site to site routing traffic

Cornelis
2019/05/20 05:05:52 (permalink)

Hi All
 
I am pretty new to Fortinet products and was hoping that someone could guide me in the right direction.
 
I have 2 FortiGates where I have created a site to site VPN. The tunnel is up between HQ and remote office. I need to route all traffic from a VLAN from remote office to HQ, so basically the remote VLAN has the same public IP as HQ.
 
Many thanks in advance
 
 
#1


    ede_pfau
    Re: IPsec site to site routing traffic 2019/05/20 05:51:57 (permalink)
    What? Remote and HQ have the same public IP? Could you please clarify?

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
    Cornelis
    Re: IPsec site to site routing traffic 2019/05/20 06:04:53 (permalink)
    Sorry, they have different IPs. I need the VLAN from remote office to route through the gateway of HQ so it looks like the remote machine is sitting in HQ.
    #3
    sw2090
    Re: IPsec site to site routing traffic 2019/05/21 05:06:48 (permalink)
    Well, in this case your remote office FGT will have to have a static route to a subnet at HQ used for this. This route must go over the IPSec Tunnel.
    Then you would need a policy that comes after your other policy on remote Site FGT (but before Policy 0) which will allow traffic from client subnet to everywhere via the IPSec Tunnel.
    HQ FGT will then need a static route to remote client subnet over the IPSec Tunnel plus a Policy that allows traffic coming from the Tunnel with remote subnet as source and internet Port(s) or SDWAN as destination with NAT enabled.
    #4
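
The steps from the reply above written out as FortiOS CLI, added here as an example; it is not configuration posted in the thread. It goes one step beyond the reply by scoping the remote side with a policy route, so that only the VLAN's traffic follows the tunnel while the remote FortiGate's own traffic (including the tunnel itself) keeps using its WAN default route. All interface names, subnets, route IDs and the address object are constructed, and the existing WAN default route is assumed to be a static route with default distance and priority.

```fortios
# Constructed names, not from the thread: tunnel interfaces "to-HQ" / "to-Remote",
# remote VLAN interface "vlan20" = 10.20.0.0/24, HQ Internet port "wan1", HQ address
# object "remote-vlan20" (10.20.0.0/24, assumed to exist). Route IDs assumed unused.
# Assumption: the phase 2 selectors on both ends permit 10.20.0.0/24 <-> 0.0.0.0/0.
# --- Remote office FortiGate ---
# Higher priority value = less preferred; this route only backs the policy route below.
config router static
    edit 10
        set dst 0.0.0.0 0.0.0.0
        set device "to-HQ"
        set priority 20
    next
end
config router policy
    edit 1
        set input-device "vlan20"
        set src "10.20.0.0/255.255.255.0"
        set output-device "to-HQ"
    next
end
config firewall policy
    edit 0
        set srcintf "vlan20"
        set dstintf "to-HQ"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# --- HQ FortiGate ---
config router static
    edit 10
        set dst 10.20.0.0 255.255.255.0
        set device "to-Remote"
    next
end
config firewall policy
    edit 0
        set srcintf "to-Remote"
        set dstintf "wan1"
        set srcaddr "remote-vlan20"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

NAT is enabled only on the HQ policy, so the remote VLAN leaves with HQ's public address; on the remote unit, `get router info routing-table all` and `diagnose firewall proute list` show whether both default routes and the policy route are in place.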