Sameer_Parvaiz
New Member
April 3, 2018
Question

Two IPSEC VPN Tunnels between two Fortigate FW's

Hi there,

One of my customers is requesting that we create one additional VPN tunnel between the same live IPs, which already have one IPsec tunnel up and running. I want to know whether this is possible on a Fortinet FW.

Two physical devices with two IPsec tunnels for two different LAN subnets.

The solution I have in mind is to add one more phase 2 for the 2nd remote-end LAN subnet.

Please let me know if it is possible; if yes, is there any doc for this?

Regards,

Sameer Parvaiz

Markus
New Member
April 3, 2018

Hi,

Welcome to the Forums.

If the IPsec tunnel is labeled "Site to Site - FortiGate", you have to convert it to a custom tunnel to add an additional phase 2. Another way is to set up the remote subnet as 0.0.0.0/0, route the traffic, and use policies.

Regards,

Markus

emnoc
New Member
April 3, 2018

Yes, you need a 2nd phase 2 tunnel.

e.g.:

    config vpn ipsec phase2-interface
        edit "DIGOCPH2-1"
            set phase1name "DigitalOceanAMS"
            set dhgrp 2
            set keylifeseconds 3600
            set src-subnet 10.3.0.1 255.255.255.255
            set dst-subnet 192.168.23.0 255.255.255.0
        next
        edit "DIGOCPH2-2"
            set phase1name "DigitalOceanAMS"
            set dhgrp 2
            set keylifeseconds 3600
            set src-subnet 10.3.0.1 255.255.255.255
            set dst-subnet 192.168.10.0 255.255.255.0
        next
    end
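To tie the two replies together, here is an added configuration fragment for the local FortiGate that shows the whole picture around the second phase 2: the custom (non-wizard) phase 1, the two phase 2 selectors emnoc describes, the static routes and firewall policies that must accompany them, and the wildcard-selector alternative Markus mentions as a commented-out block. This is example configuration written for this page, not code from either reply and not from any Fortinet document. Every name and address in it is assumed: the phase 1 name "SiteB", the WAN interface "wan1", the LAN interface "internal", the local LAN 10.1.0.0/24, the remote LANs 192.168.23.0/24 and 192.168.10.0/24, the peer address 203.0.113.2 (a documentation-range address), and the placeholder pre-shared key. Lines starting with # are comments, as in a FortiOS configuration backup.

```fortios
# Added example (not from the thread): one IKE gateway, two phase 2 selectors.
# Assumed names/addresses: phase1 "SiteB", WAN "wan1", LAN "internal",
# local LAN 10.1.0.0/24, remote LANs 192.168.23.0/24 and 192.168.10.0/24,
# peer 203.0.113.2 (documentation range). Replace the PSK placeholder.

config vpn ipsec phase1-interface
    edit "SiteB"
        set interface "wan1"
        set ike-version 2
        set remote-gw 203.0.113.2
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret REPLACE-WITH-A-LONG-RANDOM-PSK
    next
end

# One phase 2 per remote subnet. Both reuse the same phase 1, so there is
# still a single IKE SA; each selector negotiates its own IPsec child SA.
config vpn ipsec phase2-interface
    edit "SiteB-p2-lan23"
        set phase1name "SiteB"
        set proposal aes256-sha256
        set dhgrp 14
        set keylifeseconds 3600
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 192.168.23.0 255.255.255.0
    next
    edit "SiteB-p2-lan10"
        set phase1name "SiteB"
        set proposal aes256-sha256
        set dhgrp 14
        set keylifeseconds 3600
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 192.168.10.0 255.255.255.0
    next
end

# Alternative from Markus's reply: a single wildcard selector instead of the
# two above. The firewall policies further down are then the only control
# over which subnets actually cross the tunnel, so keep them specific.
#config vpn ipsec phase2-interface
#    edit "SiteB-p2-any"
#        set phase1name "SiteB"
#        set src-subnet 0.0.0.0 0.0.0.0
#        set dst-subnet 0.0.0.0 0.0.0.0
#    next
#end

# Address objects used by the policies.
config firewall address
    edit "LAN-10.1.0.0"
        set subnet 10.1.0.0 255.255.255.0
    next
    edit "SiteB-192.168.23.0"
        set subnet 192.168.23.0 255.255.255.0
    next
    edit "SiteB-192.168.10.0"
        set subnet 192.168.10.0 255.255.255.0
    next
end

# Route each remote subnet into the tunnel interface (its name is the
# phase 1 name). Needed with explicit selectors and with the wildcard.
config router static
    edit 0
        set dst 192.168.23.0 255.255.255.0
        set device "SiteB"
    next
    edit 0
        set dst 192.168.10.0 255.255.255.0
        set device "SiteB"
    next
end

# One policy per direction, scoped to the named subnets rather than "all".
config firewall policy
    edit 0
        set name "LAN-to-SiteB"
        set srcintf "internal"
        set dstintf "SiteB"
        set srcaddr "LAN-10.1.0.0"
        set dstaddr "SiteB-192.168.23.0" "SiteB-192.168.10.0"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "SiteB-to-LAN"
        set srcintf "SiteB"
        set dstintf "internal"
        set srcaddr "SiteB-192.168.23.0" "SiteB-192.168.10.0"
        set dstaddr "LAN-10.1.0.0"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# Check: one gateway, two child SAs (one per selector) once traffic flows.
#   diagnose vpn ike gateway list name SiteB
#   diagnose vpn tunnel list name SiteB
#   get vpn ipsec tunnel summary
```

The peer FortiGate needs the mirror image: the same two selectors with src and dst swapped, a route for 10.1.0.0/24 via its tunnel interface, and matching policies. If a selector has no exact counterpart on the other side, that phase 2 stays down while the other keeps working, which is the usual symptom when only one of the two subnets is reachable. If the existing tunnel was built with the "Site to Site - FortiGate" wizard, convert it to a custom tunnel first (as Markus says) so the second phase 2 can be added, and confirm in the diagnose output that both child SAs come up under the single gateway.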