Hi,
I need some help configuring an IPsec VPN tunnel on a FortiGate that has WAN1 and WAN2, configured as secondary with a bigger distance value.
We need to use WAN2 to configure a site-to-site IPsec, but I'm struggling to get it to work; before adding the second connection on WAN2, it was configured on WAN1 without problem.
Any tips for me for the configuration?
Thanks!
Hi @enrico_l,
I believe you created a new tunnel for WAN2 but it is not coming up? A bigger distance value is controlled by the static route. Please refer to https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/432685/manual-redundant-vpn-...
Regards,
No, we have two different internet connections, and we want to use the primary for users and normal traffic, and the secondary to another company site to share local resources.
Did you create a tunnel for WAN2 for sharing resources?
You need to make sure both WAN interfaces appear in the routing table. You can run this command to check: "get router info routing-table all".
Regards,
I did create the tunnel for WAN2 to the remote gw (the one in yellow xxx.xxx..)
You don't have a default route via wan2, which is why the tunnel is not working. The IPsec tunnel configured on wan2 won't be able to negotiate if there is no default route via wan2.
You need to have a default route for wan2 with the same administrative distance as wan1. You can give it a lower priority if you want it to be secondary. The administrative distance of your wan1 is 5.
Regards,
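The routing-table check and the same-distance fix suggested in the replies above, as an added example that is not part of the original thread: a small Python check over saved "get router info routing-table all" output. The sample tables are constructed, their layout is an assumption about the CLI output, the gateway addresses are documentation placeholders, and the priority values 1 and 10 are assumed; only the wan1 distance of 5 comes from the thread.

```python
import re

# Constructed sample of "get router info routing-table all" output (layout assumed).
# BROKEN: the wan2 default route has a bigger distance, so it is inactive and not listed.
BROKEN = """\
Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 203.0.113.1, wan1, [1/0]
C       192.168.1.0/24 is directly connected, internal
"""

# FIXED: same distance on both WANs; wan2 has a higher priority value (less preferred).
FIXED = """\
Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 203.0.113.1, wan1, [1/0]
                  [5/0] via 198.51.100.1, wan2, [10/0]
C       192.168.1.0/24 is directly connected, internal
"""

# One next hop: [distance/metric] via <gateway>, <interface>, [priority/weight]
NEXT_HOP = re.compile(
    r"\[(?P<dist>\d+)/\d+\] via (?P<gw>[\d.]+), (?P<dev>[\w.-]+)"
    r"(?:, \[(?P<prio>\d+)/\d+\])?"
)

def default_routes(table):
    """Return {interface: (distance, priority)} for active 0.0.0.0/0 next hops."""
    routes, in_default = {}, False
    for line in table.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # A new route entry starts in column 0; extra next hops are indented.
            in_default = " 0.0.0.0/0 " in line
        if in_default:
            m = NEXT_HOP.search(line)
            if m:
                routes[m["dev"]] = (int(m["dist"]), int(m["prio"] or 0))
    return routes

def check_wan(table, wan_ifaces=("wan1", "wan2")):
    """List the WAN interfaces that have no active default route."""
    active = default_routes(table)
    return [iface for iface in wan_ifaces if iface not in active]

if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, default_routes(table), "missing:", check_wan(table))
```

An interface reported as missing has no active default route, which is the condition the reply above gives for the tunnel on that interface failing to negotiate.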
Where is the problem? The new IPsec configuration? Phase1 is not coming up? The traffic is not correctly routed? Allowing traffic from companyA to companyB (so traffic from Wan1 IPsec to Wan2 IPsec)?
phase1 not coming up