Add new IP subnet in existing IPsec VPN tunnel custom type.
Hi folks,
I'm trying to add another IP subnet range to an existing IPsec tunnel, which is a custom type with phase 1 and phase 2. I have also added that subnet to the existing IPv4 in and out traffic policies (source to destination using the tunnel interface), but it doesn't seem to be working; I still can't reach that IP range from the remote IPsec VPN tunnel site.
Question:
Do I need to add that subnet range in phase 2 on the Fortinet FW at both ends to make it work?
Does it also require disabling and enabling the IPsec tunnel?
Thanks
A
You need 3 things to allow traffic to or from a (new) subnet:
- a phase2 for this subnet
- an address object for this subnet
- a policy allowing traffic to/from the tunnel to (usually) the LAN
- a route pointing to the tunnel if the subnet is on the remote side
I guess the route is missing. Check in Monitor>Routing Monitor.
