adogra
New Contributor

Add new IP subnet in existing ipsec vpn tunnel custom type.

Hi folks,

I'm trying to add another IP subnet range to an existing IPsec tunnel, which is custom type with phase 1 and phase 2. I have also added that subnet to the existing IPv4 traffic in and out policies (source to destination using the tunnel interface), but it doesn't seem to be working; I still can't reach that IP range from the remote IPsec VPN tunnel site.

Question:

Do I need to add that subnet range in phase 2 on the Fortinet FW at both ends to make it work?

Does it also require disabling and re-enabling the IPsec tunnel?

Thanks

A

ede_pfau
Esteemed Contributor III

You need 3 things to allow traffic to or from a (new) subnet:

- a phase2 for this subnet

- an address object for this subnet

- a policy allowing traffic to/from the tunnel to (usually) the LAN

- a route pointing to the tunnel if the subnet is on the remote side

I guess the route is missing. Check in Monitor > Routing Monitor.


Ede

"Kernel panic: Aiee, killing interrupt handler!"