Hi Team,
I am searching for a solution for my client. He has 5 sites in 2 different countries. Currently the IPsec site-to-site VPN tunnels and (at one site) the dial-up user IPsec VPN are working fine from the HO office. Today the client has also requested intersite communication. I don't want to build VPN tunnels between the sites because some sites have low bandwidth.
How can I achieve this now? I found a solution, VPN Concentrator, on the FortiGate website:
Please help me. Is it a good solution for me? Do I need any dynamic routing?
Regards,
Deepak Kumar
I would avoid policy-based IPsec due to its difficulties/limitations. Most modern IPsec VPNs are now route-based.
You just need to take care of three things: 1. routing at each spoke location to get to the destination over the tunnel, 2. the IPsec tunnels to the spokes allowing the traffic if you have set specific selectors in Phase 2, and 3. policies allowing the traffic at each spoke. If you set a zone + allow IntraZone at the HUB as in the cookbook, you don't have to worry about the policy between spokes at the HUB.
Hi,
Thanks for the reply. Can I use a static route toward the tunnel interface at all locations, or is there a special requirement for dynamic routing such as OSPF, BGP or RIP?
Of course you can. Routing protocol is necessary when you have fail-over paths.
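A FortiOS CLI sketch of the three points from the reply above (spoke routing, Phase 2 selectors, spoke policies plus a hub zone with intra-zone allow), using static routes only. This is an added example, not part of the original thread or of Fortinet's cookbook; every interface name, tunnel name and subnet (HO 10.1.0.0/24, spokes 10.1.1.0/24 and 10.1.2.0/24, summary 10.1.0.0/16) is constructed, and the route-based phase 1 tunnels are assumed to exist already.

```text
# ---- HUB (HO) ---- all names and subnets below are constructed placeholders
config system zone
    edit "vpn-spokes"
        set intrazone allow                  # spoke-to-spoke passes without per-pair policies
        set interface "to-spoke1" "to-spoke2"
    next
end
config vpn ipsec phase2-interface
    edit "to-spoke1-p2"
        set phase1name "to-spoke1"
        set src-subnet 10.1.0.0 255.255.0.0  # summary: HO plus every other spoke
        set dst-subnet 10.1.1.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 10.1.1.0 255.255.255.0
        set device "to-spoke1"
    next
end
# Repeat the phase2 and static route entries for "to-spoke2" / 10.1.2.0/24.
# HO LAN <-> zone traffic still needs its own policies on the hub.

# ---- SPOKE 1 ----
config vpn ipsec phase2-interface
    edit "to-hub-p2"
        set phase1name "to-hub"
        set src-subnet 10.1.1.0 255.255.255.0
        set dst-subnet 10.1.0.0 255.255.0.0  # must mirror the hub selector exactly
    next
end
config router static
    edit 0
        set dst 10.1.0.0 255.255.0.0         # HO and all other spokes via the hub tunnel
        set device "to-hub"
    next
end
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "to-hub"
        set srcaddr "all"                    # replace with address objects to scope access
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    # Add the mirror policy (srcintf "to-hub", dstintf "internal") for inbound traffic.
end
```

Because both the spoke route and the spoke Phase 2 destination use the summary, adding another spoke inside 10.1.0.0/16 only requires changes on the hub and on the new spoke.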