Please Help: connect 2 site to site VPN tunnels

2021/10/07 00:50:26

I have the following scenario:
Site A:
Site B:
Site C:
Site A and Site C must communicate.
FG is located in Site B.
On the FG in Site B, site to site VPN A<->B and B<->C is configured.
Site to site VPN A-B uses NAT with following configuration:

External IP Range 172.31.254.9 - IP Range 192.168.0.1 -
Can you please assist with how to make A<->C communication work? Thank you!

Re: Please Help: connect 2 site to site VPN tunnels 2021/10/07 04:25:21 (Best Answer, marked by vedran, OP, 2021/10/07 04:45:42)
Basically this means:
there is no S2S VPN (or VPN at all) from A to C, so the only way from A to C is through B.
This means:
1. the Gw on Site A has to know a route for C that has the FGT at B as Gateway.
2. the FGT on Site B has to know a route for C over the S2S and also back to A (might already be there with the S2S, since required for communication B<->C too).
3. the FGT on Site B has to have a policy that allows traffic from A to C to flow coming from S2S A<-> B and going to S2S B<->C
4. the Gw on Site C has to know a route back to A with FGT at B as Gateway
I currently don't know if our NAT affects anything in here as I don't use NAT on S2S Tunnels here.

I thus have a similar case here:
I got a web service that only allows access from our WAN IPs at HQ. So all sites have to access this via us.
So this has to go from Site <= S2S => HQ <= SDWAN => Website. Since in routing and policies that's all down to interfaces, that is basically the same...

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
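
The four conditions from the answer above, as an added example (not code from the thread or from Fortinet): a small Python check that does longest-prefix route lookups on each gateway and a policy match on the FortiGate at B, and reports which step is unmet. The subnets, interface names (`to-B`, `vpn-A`, `vpn-C`) and route tables are constructed lab values, and the NAT on the A<->B tunnel is not modelled.

```python
import ipaddress

def lookup(routes, ip):
    """Longest-prefix match over (cidr, out_interface) pairs; None if no route."""
    hits = [(ipaddress.ip_network(cidr), ifc) for cidr, ifc in routes
            if ip in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def check_a_to_c(gw_a, fgt_b, gw_c, policies, src, dst):
    """Return the unmet conditions for a session from src (site A) to dst (site C)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    problems = []
    if lookup(gw_a, dst) != "to-B":                      # step 1
        problems.append("1: gateway A has no route to C via B")
    if lookup(fgt_b, dst) != "vpn-C":                    # step 2, forward
        problems.append("2: FGT B has no route to C over the B<->C tunnel")
    if lookup(fgt_b, src) != "vpn-A":                    # step 2, return
        problems.append("2: FGT B has no route back to A")
    # Step 3: a policy from the A tunnel to the C tunnel. Scoping it to the
    # two site subnets (not "all") keeps the transit path least-privilege.
    allowed = any(p["srcintf"] == "vpn-A" and p["dstintf"] == "vpn-C"
                  and src in ipaddress.ip_network(p["src"])
                  and dst in ipaddress.ip_network(p["dst"])
                  for p in policies)
    if not allowed:
        problems.append("3: no policy on FGT B from vpn-A to vpn-C")
    if lookup(gw_c, src) != "to-B":                      # step 4
        problems.append("4: gateway C has no route back to A via B")
    return problems

# Constructed lab topology: A = 10.1.0.0/24, B = 10.2.0.0/24, C = 10.3.0.0/24.
GW_A = [("10.2.0.0/24", "to-B"), ("10.3.0.0/24", "to-B"), ("0.0.0.0/0", "wan")]
FGT_B = [("10.1.0.0/24", "vpn-A"), ("10.3.0.0/24", "vpn-C"), ("0.0.0.0/0", "wan")]
# Gateway C only knows site B, so replies to A leave via the default route.
GW_C_BROKEN = [("10.2.0.0/24", "to-B"), ("0.0.0.0/0", "wan")]
GW_C_FIXED = GW_C_BROKEN + [("10.1.0.0/24", "to-B")]
POLICIES = [{"srcintf": "vpn-A", "dstintf": "vpn-C",
             "src": "10.1.0.0/24", "dst": "10.3.0.0/24"}]

if __name__ == "__main__":
    for name, gw_c in (("broken", GW_C_BROKEN), ("fixed", GW_C_FIXED)):
        result = check_a_to_c(GW_A, FGT_B, gw_c, POLICIES, "10.1.0.10", "10.3.0.20")
        print(name, result or "all four conditions met")
```

The check covers sessions initiated from A; traffic initiated from C needs its own policy on B in the opposite direction.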