Fortinet Forum
Sameer_Parvaiz
New Contributor

Two IPsec VPN Tunnels between two FortiGate FWs

Hi There,

One of my customers is requesting to create one additional VPN tunnel between the same live IPs, which already have one IPsec tunnel up and running. I want to know whether it is possible on a Fortinet FW.

Two physical devices with two IPsec tunnels for two different LAN subnets.

The solution which I have in mind is to add one more phase 2 for the 2nd remote end LAN subnet.

Please let me know if it is possible and, if yes, whether there is any doc for this.

Regards

Sameer Parvaiz

Markus
Valued Contributor

Hi,

Welcome to the Forums.

If the IPsec tunnel is labeled Site to Site - FortiGate, you have to convert it to a custom tunnel to add an additional phase 2. Another way is to set up the remote subnet as 0.0.0.0/0, route the traffic and use policies.

Regards,

Markus


________________________________________________________
--- NSE 4 ---
________________________________________________________

emnoc
Esteemed Contributor III

Yes, you need a 2nd phase 2 tunnel.

e.g.

    config vpn ipsec phase2-interface
        edit "DIGOCPH2-1"
            set phase1name "DigitalOceanAMS"
            set dhgrp 2
            set keylifeseconds 3600
            set src-subnet 10.3.0.1 255.255.255.255
            set dst-subnet 192.168.23.0 255.255.255.0
        next
        edit "DIGOCPH2-2"
            set phase1name "DigitalOceanAMS"
            set dhgrp 2
            set keylifeseconds 3600
            set src-subnet 10.3.0.1 255.255.255.255
            set dst-subnet 192.168.10.0 255.255.255.0
        next
    end

PCNSE 

NSE 

StrongSwan
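Putting the two replies together, here is an added FortiOS CLI example (not from either poster) showing the second phase 2 selector plus the static routes and firewall policy that a route-based tunnel needs before traffic for the second LAN will flow. The phase 1 name DigitalOceanAMS is reused from emnoc's snippet; the local subnet 10.3.0.0/24, the address-object names, the LAN interface name "internal" and the policy are assumptions for this example.

```fortios
# FortiOS CLI on one FortiGate; the peer mirrors the selectors (src/dst swapped).
# Names (DigitalOceanAMS, rem-lan-*, internal) and subnets are assumed here.
config vpn ipsec phase2-interface
    edit "DIGOCPH2-1"
        set phase1name "DigitalOceanAMS"
        set auto-negotiate enable
        set src-subnet 10.3.0.0 255.255.255.0
        set dst-subnet 192.168.23.0 255.255.255.0
    next
    edit "DIGOCPH2-2"
        set phase1name "DigitalOceanAMS"
        set auto-negotiate enable
        set src-subnet 10.3.0.0 255.255.255.0
        set dst-subnet 192.168.10.0 255.255.255.0
    next
end
# Routes for both remote LANs via the tunnel interface (route-based VPN)
config router static
    edit 0
        set dst 192.168.23.0 255.255.255.0
        set device "DigitalOceanAMS"
    next
    edit 0
        set dst 192.168.10.0 255.255.255.0
        set device "DigitalOceanAMS"
    next
end
# Address objects and one policy per direction (LAN-to-remote shown)
config firewall address
    edit "rem-lan-23"
        set subnet 192.168.23.0 255.255.255.0
    next
    edit "rem-lan-10"
        set subnet 192.168.10.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "lan-to-remote"
        set srcintf "internal"
        set dstintf "DigitalOceanAMS"
        set srcaddr "all"
        set dstaddr "rem-lan-23" "rem-lan-10"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Verify both selectors negotiated (one SA pair per phase 2)
diagnose vpn tunnel list name DigitalOceanAMS
```

Both phase 2 entries must also exist on the remote FortiGate with src-subnet and dst-subnet swapped, otherwise the second SA never negotiates and only the first LAN is reachable. Keeping the selectors narrow, rather than 0.0.0.0/0, also means the policy above is the only thing deciding what crosses the tunnel, which is easier to audit.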