Route within the same firewall for 2 site-to-site VPN

Author
manatnatt
New Member
  • Joined: 2019/06/04 20:46:27
2019/06/04 20:49:21


Hi all,
 
First time post but long time follower!
 
I have a scenario where the firewall I currently manage has 2 site-to-site VPNs connected from different locations, with a Draytek router on each end.
 
Draytek ---VPN--- Fortigate ---VPN--- Draytek
 
Question is, I want these 2 networks to be able to reach each other.
 
I tried adding the policy but it didn't work.
 
Do I have to add static route in the Draytek router?
 
Thanks in advance.

ede_pfau
Expert Member
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
Re: Route within the same firewall for 2 site-to-site VPN 2019/06/05 01:43:09
hi,

and welcome to the forums, as a contributor :-)

Yours is a routing problem, not so much a problem with VPN or policies.
In your mind, move to every router in that chain and ask yourself:
- do I have a route to the destination?
- does my VPN transport this network (phase2 selectors)?
- do I have a policy for this traffic? do I have one for the incoming and one for the outgoing direction?

Helpful to know:
1- the FGT will discard any traffic which comes from an "unknown" source. To make a source network "known", you need to create a static route to it.
2- if you use '0.0.0.0/0' as the phase2 selector in the FGT VPN, it will be used as a wildcard. I know this will work for multiple arbitrary networks between 2 FGTs. No experience with FGT-to-Draytek.
3- do not use NAT anywhere for this scenario. IMHO NAT often is a quick fix to cover up poor routing.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
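The per-hop checklist in the reply (route, phase2 selector, policy in each direction, no NAT), written out as a FortiGate configuration. This is an added example, not config from either poster. It assumes route-based (interface-mode) IPsec tunnels whose phase1 interfaces are named to-siteA and to-siteB, LANs of 192.168.10.0/24 behind the site A Draytek and 192.168.20.0/24 behind the site B Draytek, and explicit phase2 selectors rather than the 0.0.0.0/0 wildcard, since the reply notes the wildcard is untested against Draytek. All names and addresses are placeholders.

```fortios
# Hub FortiGate: let site A (192.168.10.0/24, via to-siteA) and
# site B (192.168.20.0/24, via to-siteB) reach each other.
# Assumed names/addresses; adjust to the real tunnels and LANs.

# 1) Routes. Each remote LAN must be reachable via its own tunnel interface.
#    This also satisfies the FGT's reverse-path check, so traffic arriving
#    from 192.168.10.0/24 on to-siteA is not dropped as an "unknown" source.
config router static
    edit 0
        set dst 192.168.10.0 255.255.255.0
        set device "to-siteA"
    next
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set device "to-siteB"
    next
end

# 2) Phase2 selectors. Each tunnel must carry the far site's LAN, not only
#    the FGT's own LAN. One additional phase2 per tunnel; src-subnet is the
#    FGT side of that tunnel, dst-subnet the Draytek side. The Draytek at
#    each site needs the mirror image in its LAN-to-LAN profile.
config vpn ipsec phase2-interface
    edit "to-siteA-p2-siteB"
        set phase1name "to-siteA"
        set src-subnet 192.168.20.0 255.255.255.0
        set dst-subnet 192.168.10.0 255.255.255.0
    next
    edit "to-siteB-p2-siteA"
        set phase1name "to-siteB"
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 192.168.20.0 255.255.255.0
    next
end

# 3) Address objects used by the policies.
config firewall address
    edit "net-siteA"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "net-siteB"
        set subnet 192.168.20.0 255.255.255.0
    next
end

# 4) Policies, one per direction, tunnel interface to tunnel interface.
#    NAT stays disabled: both sides must see each other's real addresses.
config firewall policy
    edit 0
        set name "siteA-to-siteB"
        set srcintf "to-siteA"
        set dstintf "to-siteB"
        set srcaddr "net-siteA"
        set dstaddr "net-siteB"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 0
        set name "siteB-to-siteA"
        set srcintf "to-siteB"
        set dstintf "to-siteA"
        set srcaddr "net-siteB"
        set dstaddr "net-siteA"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end

# 5) Verify: routes present, both phase2 SAs up, then trace one flow.
get router info routing-table all
diagnose vpn tunnel list
diagnose debug flow filter saddr 192.168.10.10
diagnose debug flow filter daddr 192.168.20.10
diagnose debug flow trace start 10
diagnose debug enable
# ... generate a ping from 192.168.10.10 to 192.168.20.10, read the trace ...
diagnose debug disable
```

The FortiGate is only the middle hop of the chain. Each Draytek must also treat the far site's LAN as a remote network of its tunnel (so the selector it proposes matches the phase2 added above and it routes that LAN into the tunnel instead of to its default gateway); whether that is a VPN profile entry or a separate static route depends on how the Draytek builds its tunnel routes, which is the question the original poster raised. If a tunnel on the hub is policy-based rather than interface-mode, the route and policy steps above do not apply in this form.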