Cleyton_Agenil_da_Si
New Member
June 18, 2020
Question

create VLAN subnet access route through site-to-site VPN


Hello, I'm having trouble getting access to the VLAN subnet of the branch company passed through the VPN tunnel.

I have a site-to-site VPN connection with 2 FortiGates, an 80E and a 50E: Company HQ FGT 80E -> BRANCH FGT 50E. I can access and ping perfectly between VPN networks through the tunnel. However, in the branch office I have a VLAN subnet configured on the 50E where the VoIP phones are, but I can't access this VLAN subnet from the HQ FGT 80E through the tunnel.

I believe my problem is with the route. I am grateful for the help.

1 reply

sw2090
SuperUser
June 22, 2020

Yes, the client needs to have a route to the VLAN subnet, and the FGT needs to have a policy that allows this traffic.

The easiest way, if you use IPsec, is to enable mode config and split tunneling and set it to an address group that contains all subnets you need to access from the client. This will push the required routes to your clients.

Then you still need some policy to allow the traffic.
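
The two requirements named in the reply (a route to the VLAN subnet and a policy that allows the traffic), shown as an added FortiOS CLI example for a route-based site-to-site tunnel that uses a static route instead of the mode config approach the reply suggests. This is not configuration from the thread: the tunnel interface names (`to-branch`, `to-hq`), the VLAN interface name (`voip-vlan`), the address object names, the subnets and the service list are all constructed assumptions.

```fortios
# --- HQ FortiGate 80E (all names and subnets are constructed) ---
config firewall address
    edit "hq-lan-net"
        set subnet 10.10.0.0 255.255.255.0
    next
    edit "branch-voip-net"
        set subnet 10.20.30.0 255.255.255.0
    next
end
# Requirement 1: route the branch VoIP VLAN subnet into the tunnel interface
config router static
    edit 0
        set dst 10.20.30.0 255.255.255.0
        set device "to-branch"
    next
end
# Requirement 2: policy from the HQ LAN into the tunnel,
# scoped to the VoIP subnet and to named services instead of "ALL"
config firewall policy
    edit 0
        set name "hq-to-branch-voip"
        set srcintf "internal"
        set dstintf "to-branch"
        set srcaddr "hq-lan-net"
        set dstaddr "branch-voip-net"
        set action accept
        set schedule "always"
        set service "PING" "HTTPS"
    next
end

# --- Branch FortiGate 50E ---
# Create the same two address objects here, then allow the traffic
# arriving on the tunnel to reach the VLAN interface.
config firewall policy
    edit 0
        set name "hq-to-voip-vlan"
        set srcintf "to-hq"
        set dstintf "voip-vlan"
        set srcaddr "hq-lan-net"
        set dstaddr "branch-voip-net"
        set action accept
        set schedule "always"
        set service "PING" "HTTPS"
    next
end
```

If the phase 2 selectors on the tunnel are set to specific subnets rather than 0.0.0.0/0, the VoIP VLAN subnet also has to be covered by a selector on both FortiGates, otherwise the route and policies alone will not pass the traffic.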