scfo
New Member
March 14, 2023
Question

Help Configuring IPSec VPN Remote Access on VDOM without WAN connection

  • March 14, 2023
  • 1 reply
  • 1072 views

Hi,

We have a topology similar to the one described by this article:

Technical Tip: Configuring IPSec VPN tunnels on VD... - Fortinet Community

@dbabic 

but instead of a FortiGate on Site B, we need to establish a VPN from a FortiClient connected to the WAN link (root VDOM).

What configuration shall we use for this case? Is it even feasible?

Additionally, from the example post, we are not sure where the 172.16.1.1 IP address is defined (is it the WAN interface on site B?). In that case, why is it configured as a remote gateway in vdom1?

Thank you in advance!

FortiGate 

FortiClient

1 reply

scfo (Author)
New Member
March 14, 2023

Just to clarify the question regarding the 172.16.1.1 IP address: as shown below, in the article the VIP mapping used in the incoming policy in the root VDOM uses 172.16.1.1 as the external IP. Shouldn't it be the IP address of the root VDOM wan1 interface? 172.16.1.1 seems to be the IP of the remote site B, as per the rest of the configuration.

# config firewall vip
    edit " VIP-10.0.0.2"
        set extip 172.16.1.1
        set extintf "wan1"
        set mappedip "10.0.0.2"
    next
end