I have a site-to-site VPN between the head office and the branch office that has been working flawlessly for over a year. We have Fortigate 50e's at both ends. The branch office has the built-in wifi. At the branch office there is a wifi network that has access to the wired network at that location. What I want to do is allow the wifi network at the branch office to reach the wired network at the head office. So far I have created static routes on both ends pointing from the local subnet to the tunnel interface. I changed the stage 2 vpn tunnel config to allow the subnets at both ends to cross the tunnel. I created policy routes allowing the traffic from both subnets to cross the tunnel.
It is still not working and I'm stumped.
I'd appreciate any suggestions. Thanks!
I do this this way here:
S2S IPsec Phase 2 selectors are set to 0.0.0.0/0.0.0.0 on both sides.
Then Shop has a static route to our LAN (needed as reverse path).
HQ has a static route to each subnet we need to reach at the Shop.
Then both sides have policies to allow the required traffic to flow.
Of course that assumes that all subnets somehow can reach the FortiGate at Shop and vice versa.
Works fine here.
I use this way because I need to reach more than one subnet and the subnets are too different to cope with them using one subnet mask.
Using the p2 selectors in this case would limit you to one remote subnet and one local subnet.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
You can use address groups for the phase 2 selectors to get around the single subnet limitation. At least that's what I've built and am planning to test tomorrow for a new branch network design.
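The wildcard-selector layout from the first reply, sketched for the branch side as an added example (not configuration from either poster). The tunnel name, SSID interface name, address object names and subnets are all constructed placeholders. With selectors at 0.0.0.0/0 the tunnel no longer filters by subnet, so the firewall policy is the only access control and names specific address objects instead of "all".

```fortios
# Branch ("Shop") FortiGate. Constructed placeholders throughout:
#   phase 1 / tunnel interface "to-hq", SSID interface "branch-wifi",
#   branch Wi-Fi 10.20.30.0/24, HQ wired LAN 10.10.0.0/24
config vpn ipsec phase2-interface
    edit "to-hq-p2"
        set phase1name "to-hq"
        # Wildcard selectors: subnet filtering moves to routes and policies
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
config router static
    edit 0
        # Route to the HQ LAN over the tunnel interface
        set dst 10.10.0.0 255.255.255.0
        set device "to-hq"
    next
end
config firewall address
    edit "branch-wifi-net"
        set subnet 10.20.30.0 255.255.255.0
    next
    edit "hq-lan-net"
        set subnet 10.10.0.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "wifi-to-hq"
        set srcintf "branch-wifi"
        set dstintf "to-hq"
        set srcaddr "branch-wifi-net"
        set dstaddr "hq-lan-net"
        set action accept
        set schedule "always"
        # Narrow this to the services actually required
        set service "ALL"
    next
end
```

The HQ unit needs the mirror image: the same wildcard selectors, a static route for 10.20.30.0/24 via its tunnel interface, and a policy covering the same address pair between the tunnel and its LAN interface.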