Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
scfo
New Contributor

Help Configuring IPSec VPN Remore Access on Vdom without Wan connection

Hi,

We have a topology similar to the one described by this article:

Technical Tip: Configuring IPSec VPN tunnels on VD... - Fortinet Community

@dbabic 

but instead of a Fortigate on Site B, we need to establish a VPN from a FortiClient connected to the wan link (root vdom).

What configuration shall we use for this case? Is it even feasible?

Additionally from the example post we are not sure where the 172.16.1.1 ip address is defined (is it the wan interface on site B?) In that case, why is it configured as a remote gw in vdom1?

Thank you in advance!

FortiGate 

FortiClient 

 

1 REPLY 1
scfo
New Contributor

Just to clarify the question regarding 172.16.1.1 ip address, as per below, in the article the VIP mapping used in the incoming policy in root Vdom uses 172.16.1.1 as the external ip, shouldn't it be the ip address of root Vdom wan1 interface? 172.16.1.1 seems to be the IP of the remote site B as per the rest of the configuration

 

#config firewall vip
edit " VIP-10.0.0.2"
set extip 172.16.1.1
set extintf "wan1"
set mappedip "10.0.0.2"
next
end

Labels
Top Kudoed Authors