Hello, I am facing a problem with a simple site-to-site IPsec VPN between two FortiGates (FG-60F, 7.4.3).
Communication between both subnets is working fine, but I need the remote FortiGate to be able to reach the local LAN. From what I read, it is normal that the FG does not know it should communicate through the IPsec tunnel, even when it has a static route specified. For the most part I have solved this by using "set source-ip" and putting in the FG LAN IP, but for instance with external fabric connectors there does not seem to be a way to specify a source-ip; the command is not accepted.
Main site:
LAN 10.231.32.0/24
FG LAN IP 10.231.32.1
Static route to 10.231.33.0/24 through ipsec
Remote site:
LAN 10.231.33.0/24
FG LAN IP 10.231.33.1
Static route to 10.231.32.0/24 through ipsec
10.231.33.0 <-> 10.231.32.0 works as intended
However, each FortiGate cannot ping (or reach in any other way) the remote subnet unless a source-ip is specified. Is there a way to tell it to always use its LAN IP to communicate with the remote subnet automatically?
Thank you
Regards
Martin
Hello @Wessnitzer ,
If you use a management IP on your FortiGate, the FortiGate wants to send all traffic with this IP. If you add this IP address to the IPsec configuration, your FortiGate can access the other side.
I also think you can achieve that with local-out routing. You can read about local-out routing at this link.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/848980/local-out-traffic
Which external connector couldn't you give a source IP? Some external connectors support that feature, but some connectors do not.
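A worked FortiOS CLI fragment for the main site, added here as an illustration; it is not code from either post. It assumes the phase1-interface is named "to_remote", the LAN interface is named "lan", and the phase2 selectors are the two LAN /24s from the post (which already contain the FG LAN IP 10.231.32.1, so traffic sourced from that address fits the selector). The services given a source-ip at the end are examples of ones that accept the setting; the verification commands at the end show which source address the FortiGate actually picks.

```fortios
# Main site (10.231.32.0/24). Assumed tunnel interface name: "to_remote".
# The phase2 selector must cover the address the FortiGate sources from,
# so keep the whole LAN /24, which includes the FG LAN IP 10.231.32.1.
config vpn ipsec phase2-interface
    edit "to_remote_p2"
        set phase1name "to_remote"
        set src-subnet 10.231.32.0 255.255.255.0
        set dst-subnet 10.231.33.0 255.255.255.0
    next
end

# Static route for the remote LAN through the tunnel interface.
config router static
    edit 0
        set dst 10.231.33.0 255.255.255.0
        set device "to_remote"
    next
end

# Policies in both directions ("lan" is the assumed LAN interface name).
config firewall policy
    edit 0
        set name "lan-to-remote"
        set srcintf "lan"
        set dstintf "to_remote"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "remote-to-lan"
        set srcintf "to_remote"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# Self-originated services that accept a source-ip: pin them to the LAN IP
# so their traffic falls inside the phase2 selector. Each service has to be
# set individually; these three are examples.
config system dns
    set source-ip 10.231.32.1
end
config system ntp
    set source-ip 10.231.32.1
end
config log syslogd setting
    set source-ip 10.231.32.1
end

# Verification: a plain ping is sourced from the egress interface address
# and fails; forcing the LAN IP as the source should succeed.
execute ping 10.231.33.1
execute ping-options source 10.231.32.1
execute ping 10.231.33.1
execute ping-options reset

# Watch what actually leaves, with which source address, on which interface,
# and confirm the route points at the tunnel.
diagnose sniffer packet any "host 10.231.33.1" 4
get router info routing-table all
```

If the sniffer shows the packets leaving with the WAN address as source, that address is outside the phase2 selector and the tunnel will never carry it; that is exactly the case a per-service source-ip (or the local-out routing settings linked above, for services that have no source-ip option) is meant to fix.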
Copyright 2024 Fortinet, Inc. All Rights Reserved.