Hello.
See picture, please.
Users from LAN-1 access LAN-2 without any problem over syte-2-syte ipsec tunnel.
Also Users from LAN-2 access LAN-1 over syte-2-syte ipsec tunnel.
Question.
Can the remote FortiClient user access internal network 2?
If so, how?
Now access only to network 1.
Thanks.
P.S.
Fortigate1 is FortiGate-61E model.
Fortigate2 is FortiGate-61E model also.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Yes, SSL VPN users will be able to access the resources across Site to Site tunnel. Please refer to the below article-
https://docs.fortinet.com/document/fortigate/7.2.5/administration-guide/45836
@kjohri wrote:Hello,
Yes, SSL VPN users will be able to access the resources across Site to Site tunnel.
But remote users use ipsec vpn to connect.
Or does it not matter?
yes, you could achieve it. Make sure to add dailup tunnel subnet in phase2 selector of the site-site tunnel.
in FGT1 source :10.5.41.0/24 dest :192.168.8.0/24
in FGT2 source 192.168.8.0 dest :10.5.41.0/24
In FGT2, add a routeto 10.5.41.0 via tunnel interface.
Make sure to have the policies in place at both the firewall.
With this it should work
Created on 07-24-2023 07:53 AM Edited on 07-24-2023 07:53 AM
Hello Eugene_Alaska,
Yes It is possible, I thought you were using SSL VPN, If you're using dialup VPN the traffic flow will be same.
In Dialup VPN configuration which you're using for remote VPN, add the traffic selector to access LAN1 and LAN2 subnet.
In VPN configuration between Fortigate 1 and Fortigate 2 add a new traffic selector with Dialup VPN client IP range as local and LAN2 subnet as remote on Fortigate 1, and vice versa on Fortigate 2
Create Policy on Fortigate 1 from dialup VPN to Ipsec VPN with source dialup range with user and destination LAN2, on remote side create a policy from LAN2 towards Ipsec with source LAN2 and destination dialup VPN range, traffic will work as expected.
Hope this helps
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
229 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.