optimusprime90
New Member
March 25, 2026
Solved

IPSEC VPN and Site-to-Site Conflict


Hello There,
1- I have been facing an issue with IPsec and need your opinions plz.
I have an sdwan zone with 5 wan links for internet. Site-to-site is configured binding wan1 and works fine. Once I configure ipsec-remote vpn on wan1 it works fine too, but site-to-site goes down after some time and does not come up unless I completely delete the remote vpn.

2- I decided to set up remote vpn on another wan link to avoid any possible conflict at wan1, but remote vpn does not work at all on WAN2 or WAN3, even though the sdwan rule was also created for ports 500 and 4500 via wan2-wan3.

2 replies

funkylicious
SuperUser
March 25, 2026

Are you using IKEv1 for both site to site and remote vpn?

"jack of all trades, master of none"
optimusprime90
New Member
March 25, 2026

ike_v2, and both with diff encryptions and dh groups.
And I think somehow sdwan dynamic routing is not allowing remote vpn to work on other wan links either.

optimusprime90 (Author, Answer)
New Member
April 2, 2026

Hey All,
So adding network-id did not work in s2s; I ended up adding peer-id in remote vpn and both worked fine.
Regarding remote vpn on other wan links, the sniffer showed no traffic was reaching the wan links; instead it was hitting wan1 only, so I re-installed the forticlient software and it worked fine on other wan links too.