Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sandeshpatil6524
New Contributor

Created on ‎09-02-2024 01:26 AM

IP Sec VPN multiple subnets

I want to add multiple subnets in my existing IP Sec VPN tunnel.

could you please suggest is it possible??

Labels:
1470
0 Kudos
10 REPLIES 10
ozkanaltas
Valued Contributor III

Created on ‎09-02-2024 01:33 AM

Hello @sandeshpatil6524 ,

 

Yes, you can. You need to just add button on the phase 2 selectors area in existing ipsec tunnel configuration. 

 

After clicking, a new phase 2 configuration area will show. 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1297
sandeshpatil6524
New Contributor
In response to ozkanaltas

Created on ‎09-02-2024 03:42 AM Edited on ‎09-02-2024 03:44 AM

Yes i found this tab and also added this in phase 2, but unable to ping from my remote location to office location.

 

 

 

1273
0 Kudos
ozkanaltas
Valued Contributor III
In response to sandeshpatil6524

Created on ‎09-02-2024 03:52 AM

Hello @sandeshpatil6524 ,

 

Did you add a static route and policy for the new subnet? Because ipsec needs these two components to bring up the tunnel. Also, you need to configure it on a remote site for a new subnet. If you didn't do that tunnel won't be up.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1248
0 Kudos
sandeshpatil6524
New Contributor
In response to ozkanaltas

Created on ‎09-02-2024 04:15 AM

can we connect over call?? its better to describe what actually i want

1231
0 Kudos
sandeshpatil6524
New Contributor
In response to sandeshpatil6524

Created on ‎09-02-2024 04:15 AM

if yes my contact no is +919623746857

1230
0 Kudos
ozkanaltas
Valued Contributor III
In response to sandeshpatil6524

Created on ‎09-02-2024 04:48 AM

Hello @sandeshpatil6524 ,

 

We can't make any calls. This platform is a community. If you want to get support with a call, you can create a case to Fortinet support. Fortinet support engineers can make calls with you.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1210
0 Kudos
sandeshpatil6524
New Contributor
In response to Ashishdeep

Created on ‎09-02-2024 10:34 PM

Hi Ashideep,

 

Thanks for the information,but im using tplink er 605 vpn router at my branch site.

so how could  it be working?

1149
0 Kudos
SonaMuvv
Staff
Staff
In response to sandeshpatil6524

Created on ‎09-03-2024 05:23 PM

Hello,

Once the phase 2 selectors are added on either end of the vpn tunnel.
1) Make sure there is a static/dynamic route to the remote address(mentioned in the phase 2 selector)

-verify the routing table - get router info routing-table details x.x.x.x  ---> remote ip address

2) Make sure you have policy to allow the traffic for that specific phase 2 selectors

3) You will have to check the above mentioned points on both firewalls

1083
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.