One wan interface two tunnels

Forum|Forum|11 years ago
January 3, 2015
4 replies
4478 views

Configuration ipsec

Wan1 - Internet (vpntunnel1 , and vpntunnel2)

Interface 1 - lan1 10.0.0.0

Interface 2 - lan2 10.0.3.0

I can establish vpn with vpntunnel1 to lan1 but cannot establish vpntunnel2 to lan2

in event log vpn when I try establish vpntunnel2 I see there the fortigate is tryining go through vpntunnel1 instead vpntunnel2 (strange). (vpntunnel2 have diffrent adresses and has intrEface 2 which I set in objects)

event log: progress IPsec phase 1 success and delete IPsec phase 1 SA but why vpntunnel1 not 2.

I think i can set the fortigate to choose vpntunel2 and then everything will be ok ? But how ?

p.s SORRY for English

Best answer by emnoc

Okay you have 2 tunnels are these route-based or policy-base? Or can you share the vpn configuration?

emnocAnswer

New Member

Okay you have 2 tunnels are these route-based or policy-base? Or can you share the vpn configuration?

DrWittAuthor

New Member

I have forti in interface mode. And I've created vpn with forti wizard (Firmware 5.2) and wizard created policy.

1. vpntunnel1 -->internal1 (vpn works)

2. vpntunnel2--> internal2 (vpn not works)

emnoc

New Member

Okay so this still not saying alot.

Whats not working? ( phase1, phase2, firewall policies )

What diagnostics did you conduct ?

Did you ensure routes are correct ?

Did you ensue fwpolicies are correct?

Can share the cfg ?

DrWittAuthor

New Member

When i delete vpntunnel 1 (which work) then I can establish connection on vpntunnel2 (work ok)

When both vpntnnel 1 and vpntunnel2 are configured at fortigate i can only establish connection on vpntunnel1.

When both tunnel are set on fortigate - forticlient only connect to vpntunnel1 .

One user connect to vpntunnel1 - interface1 ok

Second user try to connect thru vpntunnel2 - interface2 - but forti direct him to vpntunnel1 :(

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded