Tanguy
New Member
March 25, 2019
Question

traffic from a VPN to another

  • March 25, 2019
  • 1 reply
  • 2996 views

Hi, I have a FortiGate 200D on which two other VPNs arrive, and the two remote VPNs need to communicate. On each Phase 2 I declared the addresses of the remote sites, and I made a policy rule to authorize VPN1 to VPN2 (and the reverse) on the FortiGate 200D...

I tried to debug but I can't find any solution...


    Toshi_Esumi
    SuperUser
    March 25, 2019

    For spoke-to-spoke, you need to take care of 1) phase2 selectors, 2) routing, and 3) policies at all three parties: the hub, spoke1, and spoke2. Perhaps the spokes don't have a route into the tunnel to reach the other spoke.

    To debug at the hub (200D), you need to disable ASIC offloading on the policies in the CLI (set auto-asic-offload disable). Then you can run the sniffer and/or flow debugging.
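The three items in this answer (selectors, routing, policies at hub and spokes) written out as a FortiOS CLI fragment. This is an added illustration, not configuration from the thread; the tunnel interface names spoke1/spoke2/to-hub, the address objects spoke1-lan/spoke2-lan and the 10.1.0.0/24 and 10.2.0.0/24 subnets are made up for the example.

```fortios
# --- Hub (200D) ---
# Phase2 selectors must cover spoke1-LAN <-> spoke2-LAN; wildcard is simplest.
config vpn ipsec phase2-interface
    edit "spoke1-p2"
        set phase1name "spoke1"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
    edit "spoke2-p2"
        set phase1name "spoke2"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
# Each spoke LAN (constructed subnets) is reached through its own tunnel interface.
config router static
    edit 0
        set dst 10.1.0.0 255.255.255.0
        set device "spoke1"
    next
    edit 0
        set dst 10.2.0.0 255.255.255.0
        set device "spoke2"
    next
end
# Tunnel-to-tunnel policy; clone it with src/dst swapped for the return path.
# Offload disabled so the sniffer and flow debug see every packet.
config firewall policy
    edit 0
        set name "spoke1-to-spoke2"
        set srcintf "spoke1"
        set dstintf "spoke2"
        set srcaddr "spoke1-lan"
        set dstaddr "spoke2-lan"
        set action accept
        set schedule "always"
        set service "ALL"
        set auto-asic-offload disable
    next
end
# --- Spoke1 --- (spoke2 mirrors this for 10.1.0.0/24)
# Without this route the spoke sends 10.2.0.0/24 to its default gateway, not the tunnel.
# Its phase2 selector and LAN->tunnel policy must also include the other spoke's subnet.
config router static
    edit 0
        set dst 10.2.0.0 255.255.255.0
        set device "to-hub"
    next
end
```

With offloading disabled, `diagnose sniffer packet any 'host 10.2.0.10' 4` on the hub shows whether packets from spoke1 arrive and leave on the spoke2 tunnel, and the flow trace shows which policy or missing route drops them.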

    hawada
    New Member
    March 25, 2019

    Hello,


    As I have understood, you have two sites which are connected via IPsec tunnels to your 200D FGT, and you want site A to communicate with site B via the 200D FGT, right?

    If so, it is very simple: you can create an IP pool on the 200D by using a free available IP on your LAN as the external IP, with type overload. Then create an IPv4 policy from remote LAN A to remote LAN B and, under the NAT option, select the IP pool you have just created; then clone-reverse the policy. Traffic can then propagate between both sites.