edy_othman
New Member
March 3, 2022
Solved

IPsec VPN tunnels from 2 WAN ports connected to 1 WAN port

  • March 3, 2022
  • 3 replies
  • 8614 views

Hi everyone, I would like to seek advice: is it possible to create 2 IPsec VPN tunnels on a FortiGate firewall with 1 WAN interface? If so, is there any link or documentation that I can refer to on how to do so?

I attached a topology diagram for better understanding. (Attachment: Logical Diagram.PNG)

akristof
Staff
March 3, 2022

Hello,

Thank you for your question. Yes, it is completely possible. There is really nothing special from a configuration point of view. On the left FortiGate, you will create 2 IPsec tunnels, one for each WAN link. The remote-gw will be 30.30.30.1. And on the right FortiGate, you will also configure 2 IPsec tunnels, both bound to the same WAN interface; one tunnel will have remote-gw 10.20.20.1 and the second tunnel will have 10.30.30.1. And that's it.

Link to the standard IPsec tunnel guide:

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/281288/site-to-site-ipsec-vpn-with-two-fortigate-devices
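
The right-hand FortiGate layout described in the answer above, as an added FortiOS CLI example that is not part of the original post or of Fortinet's guide. The remote-gw addresses are the ones given in the answer; the interface name `wan1`, the tunnel names, the IKE version and the preshared-key placeholders are assumptions, and firewall policies and routes are left out.

```fortios
# Added example: right-hand FortiGate, two tunnels bound to one WAN interface.
# Assumed: interface "wan1", tunnel names, IKEv2, placeholder preshared keys.
config vpn ipsec phase1-interface
    edit "to-left-wan1"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set remote-gw 10.20.20.1
        set psksecret <PSK-for-tunnel-1>
    next
    edit "to-left-wan2"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set remote-gw 10.30.30.1
        set psksecret <PSK-for-tunnel-2>
    next
end
# One phase2 entry per phase1 tunnel; selectors left at their defaults.
config vpn ipsec phase2-interface
    edit "to-left-wan1-p2"
        set phase1name "to-left-wan1"
    next
    edit "to-left-wan2-p2"
        set phase1name "to-left-wan2"
    next
end
```

The preshared key on each tunnel has to match the key configured on its peer; a mismatch there is what kept the second tunnel down later in this thread.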

edy_othman
New Member
March 3, 2022

Hi akristof,

Just now I configured my FortiGate with 2 different IPsec tunnels to the same WAN port; however, I discovered that the 1st VPN tunnel is able to come up and the 2nd VPN tunnel is down. The configuration on both sides is the same. I checked the VPN events log and discovered the "Action delete_phase1_sa". Is there anything that I need to check further?

akristof
Staff
March 3, 2022

Hi.

Can you share the phase1 configs of the tunnels from both devices?

edy_othman
New Member
March 4, 2022

Hi akristof,

I did this testing with Ali Baba Cloud (ABCloud) to establish the IPsec VPN; however, the concept is the same, which is ABCloud with 2 WAN port interfaces establishing a connection to the FortiGate's 1 WAN port interface. You may refer to the configuration on both devices.

(Attachments: IPSecTunnel.PNG, IPSecTunnel1.PNG, IPSecTunnel2.PNG, AliBaba Cloud.jpeg, AliBaba Cloud1.jpeg, AliBaba Cloud2.jpeg)

edy_othman
Author, Answer
New Member
March 4, 2022

Issue solved. It turned out to be a mismatched configuration of the preshared key. When I keyed in the preshared key again, the tunnel established. Thanks for helping.