Hello,
I have 2 sites with fortigates connected by IPsec, both can reach each other.
I wanted to know if there is a possibility to be connected with Forticlient at the site A, and be able to reach site B ?
I tried to do a Firewall policy from the Site A tunnel IPSec FortiClient to the Tunnel towards the site B, but it's not working, maybe it's not possible and I'm totally wrong.
Many thanks for your help !
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I resolved the issue ! In the site B, Adding the SSL VPN Range ip in the firewall policy coming from the ipsec tunnel (source), the route as said by Julien and I forgot to add the phase 2 selectors in the site B also ! Many thanks for your help
Hi,
Yes it's possible, you can check this link.
best regards,
Many thanks for your help Julien,
The last sentences of the KB said :
Ensure NAT is disabled and Route for the remote subnet is present.
***On the peer side ensure the route for the SSL-VPN subnet is configured.
I'm not sure about what they want me to do it, is it a route of firewall policy that they ask me to do ?
Hi,
On side remote, you need toadd a route for the SSL IP by the Tunnel (for return path).
And on each policy rules, you cannot enabled NAT, it's better. (the tunnel interface have not ip address configured by default)
Best regards,
Hello Julien,
Many thanks for your help, but for the moment it's still not working, I would like to know what I'm doing wrong..
Site A : Adding the remote network of the Ipsec tunnel destination
Site A :
Adding the 2nd Phase 2 selectors with the SSL subnet in local y remote subnet of IPsec Tunnel in Remote
Site A:
Creating the firewall policy From SSL tunnel to IPsec tunnel toward the remote site without NAT.
Site A:
The route to go toward the IPsec tunnel of the remote subnet.
Site B :
Route destination toward the SSL subnet from Site A, with IPsec tunnel interface:
If you are seen something strange in my configuration, please let me know !
Merci beaucoup.
I resolved the issue ! In the site B, Adding the SSL VPN Range ip in the firewall policy coming from the ipsec tunnel (source), the route as said by Julien and I forgot to add the phase 2 selectors in the site B also ! Many thanks for your help
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.