Description | This article describes how to add a subnet on the local side, the remote side, or both. Doing so requires changing phase 2 of the existing custom tunnel. |
Scope |
FortiGate. |
Solution |
There are 2 approaches to adding a new subnet to the phase 2 selector of a custom tunnel:
1) If the phase 2 selector is specified as a named address or a group of addresses, add the new subnet to the existing group. Use this approach when a separate phase 2 selector is not wanted.
2) Add a new phase 2 selector.
Follow the steps below for both methods:
1) Adding a subnet to an existing group:
- Use this method if the tunnel looks like the example below and a separate phase 2 selector is not wanted:
The address groups with the existing settings are shown below. VPNCustomLocal and VPNCustomremote are the address groups used in this example VPN tunnel:
- Add the new subnet address to the existing remote or local group as needed and select OK. If the static route and firewall policy also use the same group, they will be updated.
2) Add a new phase 2 selector:
- To add a new phase 2 selector, go to VPN -> IPsec Tunnel and select to edit the tunnel. Under Phase 2 Selectors, locate the Add button as shown in the screenshot below, add the new subnet as the selector, and select OK to save the new settings:
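The same two methods from the FortiOS CLI, as an added example that is not part of the original article. The tunnel name CustomTunnel, the object names NewRemoteSubnet and CustomTunnel-p2-new, and all subnets are constructed placeholders; only VPNCustomLocal and VPNCustomremote come from the article.

```fortios
# Added example. Names and subnets below are placeholders unless noted.

# Method 1: add the new subnet to the existing address group.
# Create an address object for the new remote subnet (constructed value).
config firewall address
    edit "NewRemoteSubnet"
        set subnet 10.20.30.0 255.255.255.0
    next
end

# Append it to the remote group from the article. "append" keeps the
# current members; "set member" would replace the whole member list.
config firewall addrgrp
    edit "VPNCustomremote"
        append member "NewRemoteSubnet"
    next
end

# Any firewall policy or static route that references VPNCustomremote now
# also covers 10.20.30.0/24. List the policies before relying on the change.
show firewall policy

# Method 2: add a separate phase 2 selector to the existing tunnel.
# "CustomTunnel" is a hypothetical phase 1 name; 192.168.10.0/24 is a
# constructed local subnet.
config vpn ipsec phase2-interface
    edit "CustomTunnel-p2-new"
        set phase1name "CustomTunnel"
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 10.20.30.0 255.255.255.0
    next
end

# Confirm the tunnel lists the expected selectors after the change.
diagnose vpn tunnel list name CustomTunnel
```

With method 2, the firewall policy and route for the new subnet are not updated by the selector change and have to be reviewed separately.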
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.