kzuk
New Member
January 28, 2020
Question

Configuring Inter-VDOM routing over IPsec


This is a diagram of my infrastructure:

VDOMs Public have internet access, VDOMs Secure do not.

For now the IPsec VPN works correctly, but only between VDOMs Public. Generally the current configuration works as in the diagram, but I have a problem connecting VDOMs Secure over IPsec. So my questions are:

  • How should I configure Inter-VDOM routing to connect VDOMs Secure over IPsec?
  • How should I configure Inter-VDOM routing to connect each VDOM with each other over IPsec?

    Both devices are FortiGate 100E.

  • 1 reply

    Toshi_Esumi
    SuperUser
    January 28, 2020

    I'm assuming there are no subnet overlaps between all secure vdoms (otherwise this wouldn't work without complicated NAT/VIP combinations). Since those secure vdoms need to go through the public vdom for internet, the routing should be as simple as below:

    sec-vdom->pub-vdom: 0/0

    pub-vdom->sec-vdom: internal subnets like 172.2, or 4,.255.0/24

    kzuk (Author)
    New Member
    January 28, 2020

    Correct me if I'm wrong, but I already have these routes for the VDOM-link configuration.

    Toshi_Esumi
    SuperUser
    January 28, 2020

    No, the routes (subnets) I wrote are the destinations of static routes. GW should be the opposite-side IP of the vdom-link. You must have assigned a /30 for each vdom-link. If sub-vdom has 10.0.0.2/30 the GW is 10.0.0.1 on the pub-vdom.
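
The static routes described in the reply above, written out as a FortiOS CLI sketch. This is an added example, not part of the original thread or either poster's configuration. The vdom-link name `vlink` (interfaces `vlink0`/`vlink1`) and the internal subnet 192.168.50.0/24 are constructed placeholders; the VDOM names and the 10.0.0.0/30 addressing follow the reply.

```fortios
# Constructed values: vdom-link "vlink" and internal subnet 192.168.50.0/24.
# VDOM names and the /30 addressing are taken from the thread.
config global
    config system vdom-link
        edit "vlink"
        next
    end
    config system interface
        edit "vlink0"
            set vdom "pub-vdom"
            set ip 10.0.0.1 255.255.255.252
        next
        edit "vlink1"
            set vdom "sec-vdom"
            set ip 10.0.0.2 255.255.255.252
        next
    end
end

# sec-vdom: default route (0/0); gateway is the pub-vdom side of the link
config vdom
    edit sec-vdom
    config router static
        edit 1
            set dst 0.0.0.0 0.0.0.0
            set gateway 10.0.0.1
            set device "vlink1"
        next
    end
end

# pub-vdom: one route per internal subnet behind sec-vdom;
# gateway is the sec-vdom side of the link
config vdom
    edit pub-vdom
    config router static
        edit 10
            set dst 192.168.50.0 255.255.255.0
            set gateway 10.0.0.2
            set device "vlink0"
        next
    end
end
```

Routes alone do not pass traffic: each VDOM also needs a firewall policy between the vdom-link interface and its internal or tunnel interface. `get router info routing-table all`, run inside each VDOM, shows whether the routes were installed.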