Description | This article describes how to manually configure a local device with an IP address in the remote subnet of the IPsec tunnel and access it from the remote side. |
Scope | FortiGate, all firmware. |
Solution |
This article explains how to configure devices on the local side with an IP address from the remote subnet of the IPsec tunnel.
For example:
Local subnet - 192.168.10.0/24
Remote subnet - 192.168.20.0/24
If a few of the devices on the local side need to take an IP address from 192.168.20.0/24 (the remote subnet), follow the procedure below.
The following topology was used to create this article.
192.168.20.0/24 --- (.1) (Remote-FortiGate) --- IPsec tunnel --- (Local-FortiGate) (.1) --- 192.168.10.0/24 --- Host (required to be in the remote subnet 192.168.20.0/24, for instance a printer).
This assumes the IPsec tunnel is already configured.
config sys proxy-arp
    edit 1
        set ip 192.168.20.1
        set end-ip 192.168.20.10
    next
end
The last step is to configure a static route on Remote-FortiGate with the interface set to tunnel_interface.
Both FortiGates should now be able to reach the host 192.168.20.5, and vice versa.
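An added example, not part of the original article: one way the static route from the last step could look on Remote-FortiGate, followed by checks that the route and ARP entry are in place. It assumes the route's destination is the single host 192.168.20.5/32 (the article does not state the destination) and that the tunnel interface is literally named tunnel_interface, as in the text.

```fortios
# On Remote-FortiGate. Assumption: the destination is limited to the one host
# that lives behind the tunnel, so the rest of 192.168.20.0/24 keeps using
# the directly connected LAN route.
config router static
    edit 0
        set dst 192.168.20.5 255.255.255.255
        set device "tunnel_interface"
    next
end

# Confirm the /32 is installed and points at the tunnel interface
# (longest-prefix match makes it win over the connected /24).
get router info routing-table details 192.168.20.5

# Review the ARP table when troubleshooting reachability of 192.168.20.5.
diagnose ip arp list
```

Keeping the route to a /32 sends only the relocated host's traffic into the tunnel, rather than a wider part of the remote subnet.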
|