Can a remote FortiClient user get access to a local LAN connected over a site-to-site tunnel?
Hello.
See picture, please.
Users from LAN-1 access LAN-2 without any problem over the site-to-site IPsec tunnel.
Users from LAN-2 also access LAN-1 over the site-to-site IPsec tunnel.
Question.
Can the remote FortiClient user access internal network 2?
If so, how?
Currently access is only to network 1.
Thanks.
P.S.
Fortigate1 is FortiGate-61E model.
Fortigate2 is FortiGate-61E model also.
Labels: FortiClient, FortiGate
Hello,
Yes, SSL VPN users will be able to access the resources across the site-to-site tunnel. Please refer to the article below:
https://docs.fortinet.com/document/fortigate/7.2.5/administration-guide/45836
Kavya
@kjohri wrote: Hello,
Yes, SSL VPN users will be able to access the resources across Site to Site tunnel.
But remote users use IPsec VPN to connect.
Or does it not matter?
Yes, you could achieve it. Make sure to add the dialup tunnel subnet in the phase2 selector of the site-to-site tunnel.
In FGT1: source 10.5.41.0/24, dest 192.168.8.0/24
In FGT2: source 192.168.8.0, dest 10.5.41.0/24
In FGT2, add a route to 10.5.41.0 via the tunnel interface.
Make sure to have the policies in place on both firewalls.
With this it should work.
Created on ‎07-24-2023 07:53 AM Edited on ‎07-24-2023 07:53 AM
Hello Eugene_Alaska,
Yes, it is possible. I thought you were using SSL VPN. If you're using dialup VPN, the traffic flow will be the same.
In the dialup VPN configuration which you're using for the remote VPN, add the traffic selector to access the LAN1 and LAN2 subnets.
In the VPN configuration between Fortigate 1 and Fortigate 2, add a new traffic selector with the dialup VPN client IP range as local and the LAN2 subnet as remote on Fortigate 1, and vice versa on Fortigate 2.
Create a policy on Fortigate 1 from dialup VPN to IPsec VPN with the dialup range and user as source and LAN2 as destination. On the remote side, create a policy from LAN2 towards IPsec with source LAN2 and destination the dialup VPN range. Traffic will work as expected.
Hope this helps
Kavya
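
The steps from the two replies above, written out as a FortiOS CLI sketch. This is an added example, not configuration posted by anyone in the thread or taken from Fortinet documentation. It reads 10.5.41.0/24 as the dialup client range and 192.168.8.0/24 as LAN2, as in the reply above; the tunnel names ("to-FGT2", "to-FGT1", "dialup-vpn"), the LAN2 interface name "internal", and the address objects "dialup-range" and "LAN2" are hypothetical and assumed to exist already.

```fortios
# FortiGate 1 (terminates the dialup VPN): extra phase2 selector + policy
config vpn ipsec phase2-interface
    edit "to-FGT2-dialup"
        set phase1name "to-FGT2"
        set src-subnet 10.5.41.0 255.255.255.0
        set dst-subnet 192.168.8.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "dialup-to-LAN2"
        set srcintf "dialup-vpn"
        set dstintf "to-FGT2"
        set srcaddr "dialup-range"
        set dstaddr "LAN2"
        set action accept
        set schedule "always"
        # narrow this to the services remote users actually need
        set service "ALL"
    next
end

# FortiGate 2: mirrored selector, return route, and policy towards LAN2
config vpn ipsec phase2-interface
    edit "to-FGT1-dialup"
        set phase1name "to-FGT1"
        set src-subnet 192.168.8.0 255.255.255.0
        set dst-subnet 10.5.41.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 10.5.41.0 255.255.255.0
        set device "to-FGT1"
    next
end
config firewall policy
    edit 0
        set name "dialup-in-to-LAN2"
        set srcintf "to-FGT1"
        set dstintf "internal"
        set srcaddr "dialup-range"
        set dstaddr "LAN2"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

The `#` lines are annotations, not FortiOS commands. The phase2 selectors on the two units must mirror each other exactly, and the dialup tunnel's own selectors must also cover LAN2 as the last reply describes.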