Re: Route within the same firewall for 2 site-to-site VPN
And welcome to the forums, as a contributor :-)
Yours is a routing problem, not so much a problem with VPN or policies.
In your mind, move to every router in that chain and ask yourself:
- do I have a route to the destination?
- does my VPN transport this network (phase2 selectors)?
- do I have a policy for this traffic? Do I have one for the incoming and one for the outgoing direction?
Helpful to know:
1- the FGT will discard any traffic which comes from an "unknown" source. To make a source network "known", you need to create a static route to it.
2- if you use '0.0.0.0/0' as the phase2 selector in the FGT VPN, it will be used as a wildcard. I know this will work for multiple arbitrary networks between 2 FGTs. No experience with FGT-to-Draytek.
3- do not use NAT anywhere for this scenario. IMHO, NAT is often a quick fix to cover up poor routing.
Ede " Kernel panic: Aiee, killing interrupt handler!"
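As an added illustration (not part of the reply above and not the poster's own configuration), here is what the three checks look like on the hub FortiGate that sits between the two tunnels, in FortiOS CLI. The interface names "to_siteA" / "to_siteB" and the networks 10.1.0.0/16 (site A) and 10.2.0.0/16 (site B) are constructed for the example; the tunnel names must match the phase1-interface entries already present on the unit.

```fortios
# Check 1: a route to each remote network, so the hub knows the source
# (reverse-path check) and the destination of transit traffic.
config router static
    edit 0
        set dst 10.1.0.0 255.255.0.0
        set device "to_siteA"
    next
    edit 0
        set dst 10.2.0.0 255.255.0.0
        set device "to_siteB"
    next
end

# Check 2: phase2 selectors that carry the transit networks. 0.0.0.0/0 acts
# as a wildcard between two FortiGates; a third-party peer may need explicit
# selectors for both 10.1.0.0/16 and 10.2.0.0/16 instead.
config vpn ipsec phase2-interface
    edit "to_siteA_p2"
        set phase1name "to_siteA"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
    edit "to_siteB_p2"
        set phase1name "to_siteB"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# Check 3: one policy per direction between the two tunnel interfaces,
# with NAT left disabled so the original addresses stay routable end to end.
config firewall address
    edit "net_siteA"
        set subnet 10.1.0.0 255.255.0.0
    next
    edit "net_siteB"
        set subnet 10.2.0.0 255.255.0.0
    next
end
config firewall policy
    edit 0
        set name "siteA_to_siteB"
        set srcintf "to_siteA"
        set dstintf "to_siteB"
        set srcaddr "net_siteA"
        set dstaddr "net_siteB"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 0
        set name "siteB_to_siteA"
        set srcintf "to_siteB"
        set dstintf "to_siteA"
        set srcaddr "net_siteB"
        set dstaddr "net_siteA"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
```

The same three questions then have to be answered on each spoke: a route for the far site pointing at its tunnel, a selector that includes the far site's network, and a policy in each direction. Restricting srcaddr/dstaddr to the two site networks rather than "all" keeps the transit policy from becoming a wider path than intended.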