Hi,
Our scenario is:
We already have an IPsec connection between two offices, HQ and Site Office. The Site Office is behind a NAT device.
HQ Fortigate ---------IP Sec-----NAT device-----Site Office Fortigate1
We need one more IPSec connection between the same offices.
i.e. HQ Fortigate---IPSec----NAT device---Site Office Fortigate2.
i.e. we use the same NAT device for both Fortigate1 and Fortigate2.
So is it possible to use the same LAN IP that is used in Site Office Fortigate1 for Site Office Fortigate2 also?
i.e. the same LAN IPs in both. Is it possible?
Thanks
I think you need to look at peer-id per tunnel. Same, I don't quite understand the question, but you can have 2 sites all behind a NAT device. Just keep in mind this endpoint will need NAT-T, and by using peerid you can define each tunnel to be unique to that peerid.
Ken
PCNSE
NSE
StrongSwan
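The peer-ID approach from the reply above, sketched as FortiOS CLI (an added example, not configuration posted in this thread). The tunnel names, peer IDs, `wan1`, the address 203.0.113.10 and the PSK placeholders are assumptions; it covers only how HQ tells the two NATed peers apart, not the overlapping LAN addressing.

```fortios
# --- HQ FortiGate: one dial-up phase 1 per site unit ---
# Both peers arrive from the same NAT public IP, so HQ selects the
# tunnel by the IKE ID each peer presents, not by source address.
config vpn ipsec phase1-interface
    edit "site-fgt1"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        # IKEv1 with PSK: aggressive mode sends the ID in clear, so the
        # responder can match it before choosing the pre-shared key.
        set mode aggressive
        set peertype one
        set peerid "site-fgt1"
        set nattraversal enable
        set psksecret <PSK-for-fgt1>
    next
    edit "site-fgt2"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "site-fgt2"
        set nattraversal enable
        set psksecret <PSK-for-fgt2>
    next
end

# --- Site Office Fortigate1 ---
# Fortigate2 is identical except for localid "site-fgt2" and its own PSK.
config vpn ipsec phase1-interface
    edit "to-hq"
        set type static
        set interface "wan1"
        # 203.0.113.10 is a documentation address standing in for HQ's public IP.
        set remote-gw 203.0.113.10
        set ike-version 1
        set mode aggressive
        # Must equal the peerid configured on the matching HQ phase 1.
        set localid "site-fgt1"
        set nattraversal enable
        set psksecret <PSK-for-fgt1>
    next
end
```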
Your problem is not the LAN address but the WAN address. It's the same for both tunnels, and there cannot be two IPsec tunnels between the same public addresses. So, IMHO, this will not work.
daj1985 wrote:
Hi,
Our scenario is:
We already have an IPsec connection between two offices, HQ and Site Office. The Site Office is behind a NAT device.
HQ Fortigate ---------IP Sec-----NAT device-----Site Office Fortigate1
We need one more IPSec connection between the same offices.
i.e. HQ Fortigate---IPSec----NAT device---Site Office Fortigate2.
i.e. we use the same NAT device for both Fortigate1 and Fortigate2.
So is it possible to use the same LAN IP that is used in Site Office Fortigate1 for Site Office Fortigate2 also?
i.e. the same LAN IPs in both. Is it possible?
Thanks
Hi Daj,
Please don't feel offended, but unfortunately I could not understand why you are trying to have a second IPsec tunnel between the same remote subnet.
Thanks,
Prab