How to reach two different LAN Network / IP-ranges through VPN Tunnel

Forum|Forum|6 years ago
September 14, 2019
2 replies
4866 views

Hi all,

we have two locations with the following IP settings

Location 1: 192.168.1.0

Location 2: 192.168.2.0 and on a lot of clients secondary IPs of the 192.168.3.0 network

The Fortigate on Location 2 has on the LAN facing Interface 192.168.2.x and a secondary ip 192.168.3.x

The VPN is up and running and communication between both locations is possible. Clients from 192.168.1.x can reach clients 192.168.2.x and vice versa.

192.168.1.x can not reach 192.168.3.x

On Location 1 i have a static route with the subnet 192.168.3.x into the VPN Interface (VPN to Location 2).

But no communnication to the "second" LAN is possible.

The log shows that the ping hits the correct VPN Tunnel, but there is no reply:

21.730555 VPN-to-Location 2 out 180.22.x.x -> 192.168.3.15: icmp: echo request 22.740695 VPN-to-Location 2 out 180.22.x.x -> 192.168.3.15: icmp: echo request

any advice?

thanks a lot in advance

orani

New Member

From location 1 firewall can you reach lacation's 2 firewall with ip 192.168.3.x (gateway secondary ip)?

pfcAuthor

New Member

Hi orani,

with administrativ access enabled for ping on that secondary IP on location 2 firewall, there is no ping reply.

7.592865 VPN-to-Location 2 out 180.22.x.x -> 192.168.3.250: icmp: echo request 8.608995 VPN-to-Location 2 out 180.22.x.x -> 192.168.3.250: icmp: echo request

(also no reply when I add the interface to use for "execute ping" on location 1 firewall, like using the location 1 LAN interface)

orani

New Member

So it seems that there is no route to that subnet... you can run traceroute (tracert on windows pc) to see the path that your traffic goes through. You might need to configure a static route on location 1 or maybe at both locations