Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
obrienw
New Contributor

SSL-VPN through IPSec VPN Configuration

I' ve seen a couple posts that didn' t seem to resolve this issue and after struggling through it (with help from user Selective), here' s how I was able to get it to work: Assumptions: 1. You have two offices, a headquarters (HQ) and a branch office (BO) 2. You have an interface/route based IPsec VPN between the two offices (that works). 3. You have an SSL-VPN to the HQ that works to the HQ subnets, but not to the BO. On the BO FG: Note -- it' s likely that your BO FG is capable of being an SSL-VPN host as well; make sure not to confuse the BO SSL-VPN with the HQ SSL-VPN. 1. Add a Static Route to the HQ SSL-VPN Subnet, Device: IPsec VPN 2. In the IPsec VPN -> Internal Policy, add the HQ SSL-VPN subnet as a source address. On the HQ FG: 1. In the wan -> internal SSL-VPN policy (where Action is SSL-VPN) add the BO subnet(s) as destination addresses. 2. Add an ssl.root -> IPsec VPN policy with the HQ SSL-VPN Pool as the source address and the BO subnet(s) as the destination address.
0 REPLIES 0