I am having trouble with my configuration. I can successfully establish a connection between both firewalls, but I cannot access the VLAN on the branch firewall.
Here is my config:
Local Subnet: 192.168.100.0/24
Remote Subnet: 192.168.50.0/24
Local Subnet: 192.168.50.0/24
Remote Subnet: 192.168.100.0/24
Static Route HQ:
Static Route BRANCH:
My firewall policies:
incoming interface: hq-to-branch
outgoing interface: lan
incoming interface: lan
outgoing interface: hq-to-branch
My problem is that I cannot access the following VLAN subnet in the branch firewall:
Thank you in advance!
Either that, or leave the P2 selector at 0.0.0.0/0.0.0.0 and have routing plus policy handle the rest.
Also, on S2S you don't need to enter a gateway. The IPsec tunnel as destination interface for the static route is enough.
Works fine here this way with various vlans on both sides :)
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
I can see you have added "192.168.100.0" and "192.168.50.0" as local and remote phase 2 selectors; you need to add the networks which you want to access in the local and remote phase 2 selectors.
Then you need to configure static routes for the same.
Here in your scenario, you did not define the "10.10.20.0" and "10.10.30.0" networks in the phase 2 selectors of the firewall.
You can use this article for your reference:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/281288/site-to-site-ipsec-vpn-with-two-fortigate-devices
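As an added illustration, not from any poster in this thread, here is how the two answers translate to FortiOS CLI on the HQ FortiGate. It assumes the tunnel interface is named hq-to-branch (from the poster's policies) and that the branch VLANs are 10.10.20.0/24 and 10.10.30.0/24 (the networks named in the answer above); the branch side needs the mirror-image selectors plus a route back to 192.168.100.0/24 via the same tunnel.

```fortios
# Added example, not from the thread. HQ FortiGate, tunnel interface "hq-to-branch".
# Branch VLANs 10.10.20.0/24 and 10.10.30.0/24 are the networks named in the answer.
# One phase 2 per subnet pair keeps the negotiated proxy-IDs explicit and easy to audit.
config vpn ipsec phase2-interface
    edit "hq-to-branch-p2-vlan20"
        set phase1name "hq-to-branch"
        set src-subnet 192.168.100.0 255.255.255.0
        set dst-subnet 10.10.20.0 255.255.255.0
    next
    edit "hq-to-branch-p2-vlan30"
        set phase1name "hq-to-branch"
        set src-subnet 192.168.100.0 255.255.255.0
        set dst-subnet 10.10.30.0 255.255.255.0
    next
end
# Alternative from the accepted answer: a single phase 2 with src/dst 0.0.0.0/0
# and let the static routes and firewall policies decide what enters the tunnel.

# Static routes point at the tunnel interface only; no gateway address is needed
# on a site-to-site tunnel (as the accepted answer notes).
config router static
    edit 0
        set dst 10.10.20.0 255.255.255.0
        set device "hq-to-branch"
    next
    edit 0
        set dst 10.10.30.0 255.255.255.0
        set device "hq-to-branch"
    next
end

# The lan <-> hq-to-branch policies must also match these subnets; define them as
# address objects so the policies stay least-privilege rather than "all".
config firewall address
    edit "branch-vlan20"
        set subnet 10.10.20.0 255.255.255.0
    next
    edit "branch-vlan30"
        set subnet 10.10.30.0 255.255.255.0
    next
end
```

After both sides are configured, `diagnose vpn tunnel list` shows the negotiated selector pairs, which should now include the VLAN subnets; if a VLAN is missing there, the mismatch is in phase 2, not in routing or policy.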