mass1q
New Member
February 23, 2025
Question

Forward internet traffic over IPsec tunnel for specific subnets


 

I'm having a hard time forwarding internet traffic over an IPsec tunnel for specific subnets; basically I want computers in the SiteB subnet to access the internet through the SiteB gateway via the IPsec tunnel.

This is the official documentation:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forward-internet-traffic-over-IPsec-tunnel-for/ta-p/328628

First of all, it's poorly explained how to add the gateway to the phase 2 selectors (Note: make sure to include the gateway IP in the phase 2 selectors of the tunnel to allow traffic).

Can someone more advanced than me explain how to do it? Many thanks

1 reply

kaman
Staff
February 23, 2025

Hi mass1q,

You can refer to the below document where @saneeshpv_FTNT described exactly what to do.


https://community.fortinet.com/t5/Support-Forum/Route-two-subnets-to-internet-over-IPsec-tunnel/td-p/265130

Regards,

mass1q (Author)
New Member
February 27, 2025

Thank you very much, it helped me a lot. I needed to forward all internet traffic from site B (branch) to site A (HQ); a route policy was the key to making it happen. I also had to assign static IPs to the IPsec interfaces and set the remote one as the gateway in the route policy.

In case the tunnel goes down, I also need to block all traffic going to the site B local WAN. Is that possible? Basically, I want the internet for site B to be reachable only through the IPsec tunnel in site A.
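The recipe the thread converges on (static IPs on the IPsec interfaces, the remote tunnel IP as the policy-route gateway, and phase 2 selectors wide enough to include that gateway IP) in FortiOS CLI form, as an added example that is not from the original posts or from the linked Fortinet articles. It assumes a branch (site B) FortiGate with its LAN on `port2` (192.168.20.0/24), an IPsec interface named `to_HQ`, constructed tunnel addresses 10.255.255.2 (branch) and 10.255.255.1 (HQ), and an HQ (site A) FortiGate whose tunnel interface is `to_Branch` and whose internet uplink is `wan1`. Every interface name, policy number, subnet and address here is a placeholder.

```text
# === Branch (site B) FortiGate, FortiOS CLI. All names and addresses are constructed placeholders. ===

# 1. Static IPs on the tunnel interface, so the HQ end (remote-ip) can be named as a next hop.
config system interface
    edit "to_HQ"
        set ip 10.255.255.2 255.255.255.255
        set remote-ip 10.255.255.1 255.255.255.252
    next
end

# 2. Phase 2 selector: destination 0.0.0.0/0 covers every internet address AND the
#    gateway IP 10.255.255.1, which is the point the technical tip's note is making.
config vpn ipsec phase2-interface
    edit "to_HQ_p2"
        set phase1name "to_HQ"
        set src-subnet 192.168.20.0 255.255.255.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# 3. Policy route: anything from the branch LAN leaves through the tunnel, next hop = HQ tunnel IP.
#    Policy routes are evaluated before the routing table, so the local WAN default route is bypassed.
config router policy
    edit 1
        set input-device "port2"
        set src "192.168.20.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 10.255.255.1
        set output-device "to_HQ"
    next
end

# 4. Firewall policy allowing LAN -> tunnel. No NAT here; HQ translates to its own WAN address.
config firewall policy
    edit 10
        set name "LAN_to_HQ_internet"
        set srcintf "port2"
        set dstintf "to_HQ"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# === HQ (site A) FortiGate: mirror the selector and hairpin the branch traffic out to the internet. ===

config vpn ipsec phase2-interface
    edit "to_Branch_p2"
        set phase1name "to_Branch"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 192.168.20.0 255.255.255.0
    next
end

config firewall policy
    edit 20
        set name "Branch_LAN_to_internet"
        set srcintf "to_Branch"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Checks on the branch: confirm the policy route is installed and the tunnel is up
# before assuming traffic is taking the tunnel path.
diagnose firewall proute list
diagnose vpn tunnel list
```

The order of operations matters for troubleshooting: if the policy route is present but `diagnose vpn tunnel list` shows the phase 2 down, the branch will not silently fall back to its local WAN for matched flows; it will drop them, because the policy route still points at the unreachable tunnel gateway. A phase 2 selector narrower than 0.0.0.0/0 on either side is the most common reason the HQ next hop (10.255.255.1 in this example) is not accepted into the tunnel, which is what the original question was running into.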