Tomek-Banan
Explorer
March 7, 2022
Question

From tunnels to tunnels

Hello,

From the LAN, users connect to Server1
Policy: From: LAN To: VPN-IPsec(Company Branch) Des: Server1

Remote users connect to the LAN via VPN-SSL

How do I build a policy so that users can connect to Server1 via VPN-SSL -> LAN --> VPN-IPsec?

(FortiGate80E v6.4.8)

 

I am trying various solutions, but they do not work.
I am counting on your help.

Thank you

2 replies

naibaho
Visitor III
March 7, 2022

1. Is your objective that an SSL VPN remote user can connect to server1 behind the IPsec VPN located in the company branch?

2. Are your SSL VPN and your IPsec already working individually?

Tomek-Banan
Explorer
March 7, 2022

Ad 1 - The remote user connects to the LAN (to the company) via VPN-SSL - this works. If he works in the company, he accesses Server1 from the LAN via a VPN IPsec inter-company tunnel - this also works.

Now I need to set up such traffic so that the remote user connects to Server1.

Ad 2 - Yes, they work separately.

 

Debbie_FTNT
Staff & Editor
March 7, 2022

Hey Tomek,

You should be able to do a policy from SSLVPN tunnel to IPSec tunnel directly to allow the VPN users access to server1.

You would need the following in place:
- routing to/from SSLVPN and server1 (server1 has a route to SSLVPN, SSLVPN has a route to server1)
- add SSLVPN tunnel IPs to phase2 selectors in IPSec
- policies to allow traffic in both directions

You can check this forum thread on a similar SSLVPN to IPSec site-to-site setup:

https://community.fortinet.com/t5/Fortinet-Forum/SSLVPN-traffic-over-IPsec-tunnel/m-p/205265
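
The prerequisites listed in the reply above, sketched as FortiOS CLI for the FortiGate that terminates the SSL VPN. This is an added example, not configuration posted in the thread: the tunnel name `to-branch`, the group `sslvpn-users`, every address and the HTTPS service are placeholder assumptions, and `ssl.root`, `SSLVPN_TUNNEL_ADDR1` and `full-access` are assumed to be the unmodified default objects.

```fortios
# Added example for the FortiGate terminating the SSL VPN. Placeholders/assumptions:
# tunnel "to-branch", group "sslvpn-users", Server1 = 192.168.50.10,
# SSL VPN pool inside 10.212.134.0/24, service HTTPS.
config firewall address
    edit "Server1"
        set subnet 192.168.50.10 255.255.255.255
    next
end
# Routing, client side: with split tunneling, Server1 must be pushed to the client.
config vpn ssl web portal
    edit "full-access"
        set split-tunneling-routing-address "Server1"
    next
end
# Routing, gateway side: Server1 is reached through the IPsec interface.
config router static
    edit 0
        set dst 192.168.50.10 255.255.255.255
        set device "to-branch"
    next
end
# Phase 2 selector: SSL VPN pool -> Server1. The branch peer needs the mirror
# (src and dst swapped), or the SA will not come up.
config vpn ipsec phase2-interface
    edit "to-branch-sslvpn"
        set phase1name "to-branch"
        set src-subnet 10.212.134.0 255.255.255.0
        set dst-subnet 192.168.50.10 255.255.255.255
    next
end
# Policy: SSL VPN users -> Server1 only, one service, logged.
config firewall policy
    edit 0
        set name "sslvpn-to-server1"
        set srcintf "ssl.root"
        set dstintf "to-branch"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "Server1"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

The branch FortiGate needs the matching pieces: a route to the SSL VPN pool through the tunnel, the mirrored phase 2 selector, and a policy from the tunnel interface to Server1's interface. Scoping the destination to the Server1 object and a single service keeps remote users from reaching the rest of the branch network through the tunnel.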

Tomek-Banan
Explorer
March 7, 2022

Hi All, 

I will check your solutions and let you know.
Thank you