Multiple IPSec tunnels to the same remote gateway ip

Forum|Forum|7 years ago
May 8, 2019
5 replies
33284 views

Hi,

2 of our customers need an IPsec tunnel to the same remote gateway ip of a 3rd party supplier from our datacenter/vpn firewall (FGT 200E - FortiOS 6.04)

But when I try to set this up, I get an error saying: Duplicate remote gateway ip

They cannot share the same IPsec tunnel, because of regulations, laws etc. So I really need to have 2 IPsec tunnels to the same remote gateway ip.

Is there any way of making this possible on our FGT 200E?

martin28

New Member

Hello, You can do it but both VPNs have to have different interface bindings.

You cannot set 2 VPNs from the same interface to the same remote gateway. Either the remote gateway or the interface binding of the VPN has to be different between both VPNs.

Best regards.

rvanefferenAuthor

New Member

Hi,

I was afraid that would be the answer, than we'll have to think of an alternative plan. Probably using the 'old' VPN firewall. Not ideal, but at least it will give us some time to come up with a more permanent solution.

Thanks!

rvanefferenAuthor

New Member

Well that's the thing with this setup. Would we do that we would not be in compliance with local and european regulations and maybe even more regulations. The traffic has to be strictly seperated from each other, so hence the two seperate IPSec tunnels. How the 3rd party which we are connecting to stays in compliance with regulations is from my (technical) point of view not important. Litte sidenote: it are companies that provide financial services, so very strictly regulated

But your first reply about the VDOMS is the best way for our environment and it will be implemented, I already made sure of that. The only question is when...