Brian_Gibbs
New Member
July 11, 2018
Question

Multiple Subnets


So here is what I am trying to accomplish


I have site A (HQ) that is connected to site B over an IPsec tunnel.

Site A has an internal network of 192.100.200.0/24

Site B has an internal network of 192.100.231.0/24

The IPsec tunnel is connected and working correctly.


At site A a new interface was created with VLAN 10 subnet 10.10.10.0/23 - Site A has full access to this interface

I need to allow Site B access to this new interface.


I have added the interface IP to phase 2 on the VPN tunnel, created a static route and created policies, but nothing seems to work. I can't get this new interface to pass along the IPsec tunnel. I can't rebuild the tunnel as Site B is in HI.


Any thoughts?


    sw2090
    SuperUser
    July 17, 2018

    All you need is the tunnel (which you already have). You don't need the interface IP on phase 2.

    What you then need on Side B is a static route to 10.10.10.0/23 over your tunnel and a policy that allows 192.100.231.0/24 to access 10.10.10.0/23 over the tunnel.


    Side A then needs to have a policy to allow traffic coming from the tunnel with source 192.100.231.0/24 and destination 10.10.10.0/23, with src interface your tunnel and dest interface your VLAN.


    That should do the trick. It does here with several VLANs in different locations.

    Brian_Gibbs
    New Member
    July 18, 2018

    Thanks for the quick reply. One question: is this a Route Policy or an IPv4 Policy?


    Sorry, really new to the FortiGate environment.

    sw2090
    SuperUser
    July 18, 2018

    IPv4 Policy
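The configuration sw2090 describes (a static route on Site B pointing the /23 at the tunnel, an IPv4 policy on each side), written out in FortiOS CLI syntax as an added example, not taken from the thread. The interface names "to-SiteA", "to-SiteB", "internal" and "vlan10" and the address-object names are assumptions; it also assumes the existing phase 2 selectors already cover this traffic.

```fortios
# --- Site B FortiGate: send VLAN 10 traffic into the tunnel and permit it ---
config firewall address
    edit "SiteA_VLAN10"
        set subnet 10.10.10.0 255.255.254.0
    next
    edit "SiteB_LAN"
        set subnet 192.100.231.0 255.255.255.0
    next
end
config router static
    edit 0
        # the "next hop" is the IPsec tunnel interface itself (name assumed)
        set dst 10.10.10.0 255.255.254.0
        set device "to-SiteA"
    next
end
config firewall policy
    edit 0
        set name "SiteB-LAN-to-HQ-VLAN10"
        set srcintf "internal"
        set dstintf "to-SiteA"
        set srcaddr "SiteB_LAN"
        set dstaddr "SiteA_VLAN10"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# --- Site A (HQ) FortiGate: accept the same flow arriving from the tunnel ---
# (the same two address objects are assumed to be defined here as well)
config firewall policy
    edit 0
        set name "SiteB-LAN-to-VLAN10"
        set srcintf "to-SiteB"
        set dstintf "vlan10"
        set srcaddr "SiteB_LAN"
        set dstaddr "SiteA_VLAN10"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

"ALL" mirrors the thread's goal of general access; in practice restrict `set service` to what Site B actually needs from VLAN 10. `get router info routing-table all` on Site B should then show 10.10.10.0/23 via the tunnel interface.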