adogra
New Member
March 6, 2019
Question

Add new IP subnet in existing ipsec vpn tunnel custom type.

  • March 6, 2019
  • 1 reply
  • 5069 views

Hi folks,

 

I'm trying to add another IP subnet range to an existing IPsec tunnel, which is a custom-type tunnel with phase 1 and phase 2. I have added that subnet to the existing IPv4 inbound and outbound policies (source to destination using the tunnel interface), but it doesn't seem to be working; I still can't reach that IP range from the remote IPsec VPN tunnel site.

 

Question:

Do I need to add that subnet range to phase 2 on the Fortinet FW at both ends to make it work?

Does it also require disabling and re-enabling the IPsec tunnel?

 

Thanks

A

 

    1 reply

    ede_pfau
    SuperUser
    March 6, 2019

    You need 3 things to allow traffic to or from a (new) subnet:

    - a phase2 for this subnet
    - an address object for this subnet
    - a policy allowing traffic to/from the tunnel to (usually) the LAN
    - a route pointing to the tunnel if the subnet is on the remote side

     

    I guess the route is missing. Check in Monitor>Routing Monitor.
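As an added illustration of the four items listed above (not configuration from the original thread or from either poster), here is a FortiOS CLI fragment for the local side. It assumes a custom interface-mode tunnel named CUSTOM-TUN, a local LAN already defined as the address object LOCAL-NET on interface "internal", and a new remote subnet 192.168.50.0/24; all object names and subnets are constructed placeholders, and the remote FortiGate needs the mirrored phase2 selector and its own return route.

```fortios
# 1. Phase2 selector for the new subnet (selectors must match on both peers,
#    with src/dst swapped on the remote side)
config vpn ipsec phase2-interface
    edit "CUSTOM-TUN-p2-192.168.50.0"
        set phase1name "CUSTOM-TUN"
        set proposal aes256-sha256
        set src-subnet 10.10.20.0 255.255.255.0
        set dst-subnet 192.168.50.0 255.255.255.0
    next
end

# 2. Address object for the new remote subnet
config firewall address
    edit "REMOTE-NET-192.168.50.0"
        set subnet 192.168.50.0 255.255.255.0
    next
end

# 3. Policy allowing LAN -> tunnel for that subnet (a mirrored
#    tunnel -> LAN policy is needed for traffic initiated remotely)
config firewall policy
    edit 0
        set name "LAN-to-CUSTOM-TUN-192.168.50.0"
        set srcintf "internal"
        set dstintf "CUSTOM-TUN"
        set srcaddr "LOCAL-NET"
        set dstaddr "REMOTE-NET-192.168.50.0"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# 4. Static route sending the remote subnet into the tunnel interface
config router static
    edit 0
        set dst 192.168.50.0 255.255.255.0
        set device "CUSTOM-TUN"
    next
end
```

After applying it, `get router info routing-table all` should show 192.168.50.0/24 via CUSTOM-TUN, and the new selector should appear as an SA under `diagnose vpn tunnel list` once traffic brings it up.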