Wayupnorthguy
Explorer
October 21, 2022
Solved

Multiple Site to Site Connections

  • October 21, 2022
  • 2 replies
  • 6079 views

I have a "Remote Facility" that has equipment that is to be monitored by two separate operations centers.
The remote facility has two distinct private subnets that are not interconnected and need to remain so.
I have successfully configured two site-to-site IPSEC VPNs (Fortigate to Fortigate) from one Operations Center and can access hosts on those LANs.
I cannot establish a second site-to-site connection from Operations Center 2. I can build the dialer from the NATed side and the connector on the Remote Facility side, but when selecting the Tunnel status, the second tunnel doesn't even show up so that I can select "bring up". Attached is a diagram. I'm sure there are smart people out there who will tell me how I "should" be doing this.

[Attached diagram: Wayupnorthguy_0-1666396590774.png]

Any help appreciated.



2 replies

distillednetwork
Explorer II
October 23, 2022

You could use DDNS on the remote FortiGates to learn their external IP address and use that as the remote gateway, or set up a unique peer ID for each remote site.


Wayupnorthguy
Explorer
October 24, 2022

Currently the operations centers simply "dial" the remote facility. This works fine as long as there is only one connection. This may be related to another post I have going, and once I resolve that issue it may fix this one. The dialer config with one unit behind NAT works fine. Just can't have them both active at the same time (basically the remote site Fortinet will not let me create the VPN; it creates it, but it doesn't show up in the summary so you can't "bring up" the interface).


Wayupnorthguy (Author, Best answer)
Explorer
January 7, 2023

Solved. The problem was that for each connection I needed to set up a unique Peer ID in the Tunnel "authentication" and "phase 1 proposal local ID". Once I converted the Wizard tunnels to Custom and tested the connectivity on each, I was then able to establish multiple point-to-point and remote access dial connections.
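For readers landing here with the same symptom, the following FortiOS CLI fragment is an added example of the fix described in the accepted answer; it is not configuration posted by anyone in this thread. It shows what "unique Peer ID per dialer" looks like in the `phase1-interface` table: the Remote Facility (static public IP) runs two `type dynamic` tunnels that are told apart only by `peerid`, and each operations center dials in with a matching `localid`. Interface names, tunnel names, the IDs `opscenter1`/`opscenter2`, the subnets and the PSK placeholders are all assumptions chosen for the example. IKEv2 is used deliberately: with IKEv1 and pre-shared keys a FortiGate can only select a dialup tunnel by peer ID in aggressive mode, which sends the identity in the clear and exposes a PSK-derived hash to offline guessing.

```text
# --- Remote Facility FortiGate (responder, public IP assumed 203.0.113.10) ---
# One dialup phase1 per operations center. Without distinct peerid values
# both entries would match the same incoming IKE request, which is why the
# second tunnel never appeared as selectable. Separate PSKs per peer so a
# compromised operations center cannot impersonate the other.
config vpn ipsec phase1-interface
    edit "opscenter1-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype one
        set peerid "opscenter1"
        set localid "remote-facility"
        set proposal aes256-sha256
        set dhgrp 14
        set add-route disable
        set psksecret "<strong-unique-psk-for-opscenter1>"
    next
    edit "opscenter2-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype one
        set peerid "opscenter2"
        set localid "remote-facility"
        set proposal aes256-sha256
        set dhgrp 14
        set add-route disable
        set psksecret "<strong-unique-psk-for-opscenter2>"
    next
end

# Example phase2 selectors (subnets are constructed for the example).
# Keeping the two remote subnets in separate phase2 entries, and separate
# firewall policies bound to each tunnel interface, is what preserves the
# "not interconnected" requirement between them.
config vpn ipsec phase2-interface
    edit "opscenter1-p2"
        set phase1name "opscenter1-dialup"
        set proposal aes256-sha256
        set src-subnet 10.10.1.0 255.255.255.0
        set dst-subnet 10.20.1.0 255.255.255.0
    next
    edit "opscenter2-p2"
        set phase1name "opscenter2-dialup"
        set proposal aes256-sha256
        set src-subnet 10.10.2.0 255.255.255.0
        set dst-subnet 10.30.1.0 255.255.255.0
    next
end

# --- Operations Center 1 FortiGate (dialer behind NAT) ---
# localid must match the peerid configured on the Remote Facility.
# Operations Center 2 is identical apart from localid "opscenter2" and its PSK.
config vpn ipsec phase1-interface
    edit "to-remote-facility"
        set type static
        set interface "wan1"
        set ike-version 2
        set remote-gw 203.0.113.10
        set localid "opscenter1"
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable
        set keepalive 10
        set psksecret "<strong-unique-psk-for-opscenter1>"
    next
end
```

To confirm that both dialers are being matched to the intended entries, run `diagnose vpn ike gateway list` on the Remote Facility and check that each IKE SA reports the expected peer ID against its own phase1 name; `get vpn ipsec tunnel summary` should then list both tunnels. Firewall policies from each tunnel interface to its own LAN (and nothing between the two LANs) are still required and are omitted above.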