Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mass1q
New Contributor

Forward internet traffic over IPsec tunnel for specific subnets

 

I'm having a hard time forwarding internet traffic over an IPsec tunnel for specific subnets. Basically, I want the computers in the siteB subnet to access the internet through SiteB gateway via the IPsec tunnel.

 

This is the official documentation:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forward-internet-traffic-over-IPsec-tunnel...

 

First of all, it's poorly explained how to add the gateway to the phase 2 selectors (Note: make sure to include the gateway IP in phase 2 selectors of the tunnel to allow traffic).

 

Can someone more advanced than me explain how to do it? Many thanks

kaman
Staff

Hi mass1q,

You can refer to the below document where @saneeshpv_FTNT described exactly what to do.


https://community.fortinet.com/t5/Support-Forum/Route-two-subnets-to-internet-over-IPsec-tunnel/td-p...

Regards,

mass1q
New Contributor

Thank you very much, it helped me a lot. I needed to forward all internet traffic from site B (branch) to site A (HQ); the route policy was the key to making it happen. I also had to assign static IPs to the IPsec interfaces and set the remote one as the gateway in the route policy.

 

In case the tunnel goes down, I also need to block all traffic going to the site B local WAN. Is it possible? Basically, I want the internet for site B to be reachable only through the IPsec tunnel in site A.
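
The setup described in this thread (static IPs on the tunnel interfaces, phase 2 selectors that cover the gateway IP, and a policy route with the remote tunnel IP as gateway), sketched as an added FortiOS CLI example for the site B (branch) unit. It is not from the thread's participants or from Fortinet's documentation; the interface names, phase names and every address are constructed placeholders, and the `#` lines are annotations for the reader.

```fortios
# Assumed names: "lan" = site B LAN port, "to-HQ" = IPsec phase 1 interface.
# Assumed addresses: 192.168.20.0/24 = site B LAN,
# 10.255.255.2 = local tunnel IP, 10.255.255.1 = HQ tunnel IP.

# Static IPs on the tunnel interface; the remote one becomes the gateway.
config system interface
    edit "to-HQ"
        set ip 10.255.255.2 255.255.255.255
        set remote-ip 10.255.255.1 255.255.255.255
    next
end

# Wildcard selectors cover the LAN subnet, internet destinations
# and the tunnel (gateway) IPs.
config vpn ipsec phase2-interface
    edit "to-HQ-p2"
        set phase1name "to-HQ"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# Policy route: traffic from the site B LAN goes out the tunnel,
# with the HQ tunnel IP as next hop.
config router policy
    edit 1
        set input-device "lan"
        set src "192.168.20.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 10.255.255.1
        set output-device "to-HQ"
    next
end

# Firewall policy that permits LAN traffic into the tunnel.
config firewall policy
    edit 0
        set name "lan-to-HQ"
        set srcintf "lan"
        set dstintf "to-HQ"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

The site A (HQ) unit needs matching phase 2 selectors and its own firewall policy from the tunnel interface to its WAN for the forwarded traffic to reach the internet.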
