Deepakkhw
New Contributor III

How to enable communication between IPsec Tunnels

Hi Team,

I am searching for a solution for my client. He has 5 sites in 2 different countries. Currently the IPsec site-to-site VPN tunnels and (at one site) the dial-up user IPsec VPN are working fine from the HO office. Today the client has requested inter-site communication as well. I don't want to build VPN tunnels between the sites because some sites have low bandwidth.

How can I achieve this now? I found a solution, VPN Concentrator, on the FortiGate website:

http://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-ipsecvpn-52/Hub_and_Spoke_Config/...

Please help me. Is it a good solution for me? Do I need any dynamic routing?

Regards,

Deepak Kumar

1 Solution
Toshi_Esumi
Esteemed Contributor III

Of course you can. A routing protocol is necessary when you have fail-over paths.

3 Replies
Toshi_Esumi
Esteemed Contributor III

I would avoid policy-based IPsec due to its difficulties/limitations. Most modern IPsec VPNs are now route-based.

You just need to take care of three things: 1. routing at each spoke location to get to the destination over the tunnel, 2. the IPsec tunnels to the spokes allowing the traffic if you have set specific selectors in Phase 2, and 3. policies allowing the traffic at each spoke. But if you set a zone + allow intra-zone at the HUB as in the cookbook, you don't have to worry about the policy between spokes at the HUB.
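
The three checks listed in the reply above can be audited offline before changing any device. The following is an added example, not part of the original thread and not Fortinet code: it models each spoke's tunnel routes, Phase 2 selectors and policy destinations, and reports what would block each spoke-to-spoke flow. All site names and subnets are constructed, and the hub is assumed to use a zone with intra-zone traffic allowed.

```python
from ipaddress import ip_network

# Constructed sample data (hypothetical sites and addressing).
# routes:     destinations statically routed into the tunnel to the hub
# selectors:  Phase 2 (local, remote) subnet pairs on that tunnel
# policy_dst: destinations the spoke's firewall policy permits
SPOKES = {
    "site-a": {"lan": "10.1.0.0/24", "routes": ["10.0.0.0/8"],
               "selectors": [("10.1.0.0/24", "10.0.0.0/8")],
               "policy_dst": ["10.0.0.0/8"]},
    "site-b": {"lan": "10.2.0.0/24", "routes": ["10.0.0.0/8"],
               "selectors": [("10.2.0.0/24", "10.0.0.0/8")],
               "policy_dst": ["10.0.0.0/8"]},
    # site-c was built to reach only the head office LAN 10.0.0.0/24
    "site-c": {"lan": "10.3.0.0/24", "routes": ["10.0.0.0/24"],
               "selectors": [("10.3.0.0/24", "10.0.0.0/24")],
               "policy_dst": ["10.0.0.0/24"]},
}

def covers(outer, inner):
    """True when subnet `inner` lies entirely inside subnet `outer`."""
    return ip_network(inner).subnet_of(ip_network(outer))

def selector_ok(spoke, local, remote):
    return any(covers(l, local) and covers(r, remote)
               for l, r in spoke["selectors"])

def problems(src, dst, spokes=SPOKES):
    """List what blocks traffic from src's LAN to dst's LAN via the hub."""
    s, d = spokes[src], spokes[dst]
    found = []
    if not any(covers(r, d["lan"]) for r in s["routes"]):
        found.append(f"{src}: no tunnel route to {d['lan']}")
    if not selector_ok(s, s["lan"], d["lan"]):
        found.append(f"{src}: Phase 2 selector excludes {d['lan']}")
    # On the destination tunnel the same flow is seen mirrored.
    if not selector_ok(d, d["lan"], s["lan"]):
        found.append(f"{dst}: Phase 2 selector excludes {s['lan']}")
    if not any(covers(p, d["lan"]) for p in s["policy_dst"]):
        found.append(f"{src}: policy does not allow {d['lan']}")
    return found

def audit(spokes=SPOKES):
    """Check every ordered spoke pair, so return paths are covered too."""
    return {(a, b): problems(a, b, spokes)
            for a in spokes for b in spokes if a != b}

if __name__ == "__main__":
    for pair, issues in audit().items():
        print(pair, "OK" if not issues else issues)
```
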

Deepakkhw

Hi,

Thanks for the reply. Can I use a static route toward the tunnel interface at all locations, or is there a special requirement for dynamic routing such as OSPF, BGP or RIP?

Toshi_Esumi
Esteemed Contributor III

Of course you can. A routing protocol is necessary when you have fail-over paths.
