Site_To_Site VPN and LDAP access

Forum|Forum|9 years ago
September 20, 2016
2 replies
2869 views

Hello everyone,

I have a configuration with two fortigate (80C and 92D).

The 92D is located at the company HQ.

The 80C is located at a company branch.

A site_to_site VPN is configured and properly working between those two fortigates.

The branch can access the LDAP directory and file server of the HQ (policies are configured to allow that).

My problem is that the branch itself as a Site-To-Client SSL tunnel configured for remote workers.

I would like to use the HQ Ldap to retrieve their user accounts but from the fortigate itself, all HQ IP address are not reachable.

I don't know that policy or route is to be configured to allow the branch fortigate itself to see the HQ network.

Can someone help me ?

If you need more information, just ask.

Many thanks,

ede_pfau

SuperUser

This is a perfect problem for FTNT Support. So I'd recommend to open a ticket for technical assistance for this.

IMHO the reason for this situation is that the tunnel ends are not numbered (do not have IP addresses assigned). In 95% of the cases the FGT on one end can ping remote network hosts without problem. That is, if the phase2 Quick Mode selectors are set correctly.

As there are quite a few unknown parameters in this picture I'd prefer to leave this to Support.

rogerchang

New Member

HI DEAR ALL:

I have the same issue!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded