Nihas
New Member
November 20, 2014
Solved

How to add a secondary VLAN to the existing IPSec Tunnel


Hello,

I have a question.

I have a running IPSec between 2 offices (FGs).

Site Mexico - 10.1.10.0/24

Site Ontario - 192.168.100.0/24

Now I need to add a new VLAN in the Ontario L3 switch - 10.1.100.0/24, and I need to use this VLAN for the IPSec as well.

How do I achieve this?

Thanks in advance.

Nihas

    Best answer by Carl_Wallmark

    Carl_Wallmark
    New Member
    November 20, 2014

    Hi,

     

    Create a new Phase2 with your new networks and connect it to the already existing Phase1.

     

    You can have multiple Phase2 per Phase1.

    ede_pfau
    SuperUser
    November 20, 2014

    ...and, may I add, create at least one policy from the new VLAN to the tunnel (with the phase1 name).

    edit:

    Arggh, and on the remote end, add a new static route of course, pointing to the tunnel.
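
The steps from the two replies above, written out as FortiOS CLI for an interface-mode tunnel. This is an added example, not configuration posted in the thread; the phase1 names `to-mexico` and `to-ontario`, the Ontario interface `internal`, and the address object names are assumptions.

```fortios
# Ontario FortiGate: second phase2 on the existing phase1 (name assumed: "to-mexico")
config vpn ipsec phase2-interface
    edit "to-mexico-vlan100"
        set phase1name "to-mexico"
        set src-subnet 10.1.100.0 255.255.255.0
        set dst-subnet 10.1.10.0 255.255.255.0
    next
end
# Ontario FortiGate: policy from the new VLAN into the tunnel interface
config firewall address
    edit "ontario-vlan100"
        set subnet 10.1.100.0 255.255.255.0
    next
    edit "mexico-lan"
        set subnet 10.1.10.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "to-mexico"
        set srcaddr "ontario-vlan100"
        set dstaddr "mexico-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Mexico FortiGate: mirrored phase2 selector plus a static route into the tunnel
config vpn ipsec phase2-interface
    edit "to-ontario-vlan100"
        set phase1name "to-ontario"
        set src-subnet 10.1.10.0 255.255.255.0
        set dst-subnet 10.1.100.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 10.1.100.0 255.255.255.0
        set device "to-ontario"
    next
end
```

The selectors on the two ends have to mirror each other, and `service "ALL"` is better narrowed to the services the new VLAN actually needs. If the VLAN is routed on the L3 switch rather than terminated on the FortiGate, the Ontario unit also needs a route to 10.1.100.0/24 via that switch.
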

    Nihas
    New Member
    November 20, 2014

    "You can have multiple Phase2 per Phase1."

    Thanks for the new info.


    Another question: if I don't have access to the remote FG, and they are not ready to change anything for a particular time, and from our side we really need to access their resource, is there any other option?

    Thanks

    Nihas.N

    Carl_Wallmark
    New Member
    November 20, 2014

    If you add a new network on your side you can always use NAT on your policy.