Re: Please Help: connect 2 site to site VPN tunnels
Best Answer by vedranOP 2021/10/07 04:45:42
Basically this means:
There is no S2S VPN (or VPN at all) from A to C, so the only way from A to C is through B.
1. The Gw on Site A has to know a route for C that has the FGT at B as gateway.
2. The FGT on Site B has to know a route for C over the S2S and also back to A (might already be there with the S2S, since it is required for communication B<->C too).
3. The FGT on Site B has to have a policy that allows traffic from A to C to flow, coming from S2S A<->B and going to S2S B<->C.
4. The Gw on Site C has to know a route back to A with the FGT at B as gateway.
I currently don't know if our NAT affects anything in here as I don't use NAT on S2S Tunnels here.
I thus have a similar case here:
I have a web service that only allows access from our WAN IPs at HQ. So all sites have to access this via us.
So this has to go from Site <= S2S => HQ <= SDWAN => Website. Since in routing and policies that's all down to interfaces, that is basically the same...
-- "It is a mistake to think you can solve any major problems just with potatoes."
- Douglas Adams
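
The four conditions in the answer above can be checked on paper before touching the gateways. The following is an added example, not part of the original post: it models each gateway's routes and the hub policy and reports the first missing piece. All subnets, host addresses and interface names are constructed, tunnel interfaces are assumed to be named after the remote site, and the hub is modelled as a stateful firewall, so the reply direction only needs routes.

```python
import ipaddress as ip

# Constructed sample topology: subnets and interface names are assumptions.
NETS = {"A": "10.1.0.0/24", "B": "10.2.0.0/24", "C": "10.3.0.0/24"}
# Per gateway: (destination prefix, egress tunnel, next site)
ROUTES = {
    "A": [("10.2.0.0/24", "s2s-B", "B"), ("10.3.0.0/24", "s2s-B", "B")],  # step 1
    "B": [("10.1.0.0/24", "s2s-A", "A"), ("10.3.0.0/24", "s2s-C", "C")],  # step 2
    "C": [("10.2.0.0/24", "s2s-B", "B"), ("10.1.0.0/24", "s2s-B", "B")],  # step 4
}
# Hub policy: (srcintf, dstintf, source net, destination net)              # step 3
POLICIES_B = [("s2s-A", "s2s-C", "10.1.0.0/24", "10.3.0.0/24")]

def lookup(table, dst):
    """Longest-prefix match; returns (egress, next_site) or None."""
    hits = [(ip.ip_network(p), e, n) for p, e, n in table
            if ip.ip_address(dst) in ip.ip_network(p)]
    if not hits:
        return None
    best = max(hits, key=lambda h: h[0].prefixlen)
    return best[1], best[2]

def site_of(addr, nets):
    return next((s for s, n in nets.items()
                 if ip.ip_address(addr) in ip.ip_network(n)), None)

def walk(src, dst, nets, routes, policies=None, hub="B"):
    """Follow routes hop by hop; enforce hub policy only if policies is given."""
    site, target, ingress, path = site_of(src, nets), site_of(dst, nets), None, []
    while site != target:
        path.append(site)
        hit = lookup(routes.get(site, []), dst)
        if hit is None or len(path) > 8:
            return f"no route to {dst} on {site}" if hit is None else "routing loop"
        egress, nxt = hit
        if site == hub and policies is not None and not any(
                i == ingress and e == egress
                and ip.ip_address(src) in ip.ip_network(s)
                and ip.ip_address(dst) in ip.ip_network(d)
                for i, e, s, d in policies):
            return f"no policy on {hub} for {ingress} -> {egress}"
        ingress, site = f"s2s-{site}", nxt  # arrives on tunnel named after sender
    return path + [site]

def check_transit(a_host, c_host, nets, routes, policies):
    fwd = walk(a_host, c_host, nets, routes, policies)  # steps 1, 2, 3
    if isinstance(fwd, str):
        return "forward: " + fwd
    back = walk(c_host, a_host, nets, routes)           # steps 2, 4 (reply traffic)
    return "return: " + back if isinstance(back, str) else "ok"
```

Dropping any one entry from `ROUTES` or `POLICIES_B` makes `check_transit("10.1.0.10", "10.3.0.20", NETS, ROUTES, POLICIES_B)` name the gateway and the missing route or policy.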