edy_othman
New Contributor II

IPsec VPN tunnels from 2 WAN ports connected to 1 WAN port

Hi everyone, I would like to ask for advice: is it possible to create 2 IPsec VPN tunnels on a FortiGate firewall with 1 WAN interface? If so, is there any link or documentation that I can refer to on how to do so?

I have attached a topology diagram for better understanding. (Attachment: Logical Diagram.PNG)

akristof
Staff

Hello,

Thank you for your question. Yes, it is completely possible. There is really nothing special from a configuration point of view. On the left FortiGate, you will create 2 IPsec tunnels, each for a different WAN link. The remote-gw will be 30.30.30.1. On the right FortiGate, you will also configure 2 IPsec tunnels, both bound to the same WAN interface; one tunnel will have remote-gw 10.20.20.1 and the second tunnel will have 10.30.30.1. And that's it.

Link to standard ipsec tunnel guide:

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/281288/site-to-site-ipsec-vpn-with-two-f...

Adrian
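The layout described in the reply above, written out as FortiOS phase 1 configuration. This is an added example, not part of the reply or of Fortinet's documentation; the interface names (`wan1`, `wan2`), the tunnel names and the pre-shared key placeholders are assumptions, and only the three remote-gw addresses come from the thread.

```fortios
# Left FortiGate: one tunnel per WAN link, both pointing at the same peer.
# Interface and tunnel names are hypothetical.
config vpn ipsec phase1-interface
    edit "to-right-via-wan1"
        set interface "wan1"
        set peertype any
        set remote-gw 30.30.30.1
        set psksecret <PSK-A>
    next
    edit "to-right-via-wan2"
        set interface "wan2"
        set peertype any
        set remote-gw 30.30.30.1
        set psksecret <PSK-B>
    next
end

# Right FortiGate: two tunnels bound to the same WAN interface,
# told apart by their remote-gw. Each psksecret must match the
# key entered on the corresponding left-side tunnel.
config vpn ipsec phase1-interface
    edit "to-left-wan1"
        set interface "wan1"
        set peertype any
        set remote-gw 10.20.20.1
        set psksecret <PSK-A>
    next
    edit "to-left-wan2"
        set interface "wan1"
        set peertype any
        set remote-gw 10.30.30.1
        set psksecret <PSK-B>
    next
end
```

The phase 1 proposal and IKE version are left at their defaults here and must agree on both ends of each tunnel, as must the pre-shared key for each pair.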
edy_othman
New Contributor II

Hi akristof,

I have just configured my FortiGate with 2 different IPsec tunnels to the same WAN port; however, I discovered that the 1st VPN tunnel is able to come up and the 2nd VPN tunnel is down. The configuration on both sides is the same. I checked the VPN event log and found "Action delete_phase1_sa". Is there anything that I need to check further?

akristof

Hi.

Can you share phase1 configs of tunnels from both devices?

Adrian
edy_othman
New Contributor II

Hi akristof,

I did this testing with Alibaba Cloud (ABCloud) to establish the IPsec VPN; however, the concept is the same, which is ABCloud with 2 WAN port interfaces establishing connections to the FortiGate's 1 WAN port interface. You may refer to the configuration on both devices.

Attachments: IPSecTunnel.PNG, IPSecTunnel1.PNG, IPSecTunnel2.PNG, AliBaba Cloud.jpeg, AliBaba Cloud1.jpeg, AliBaba Cloud2.jpeg

edy_othman
New Contributor II

Issue solved. It turned out to be a mismatched configuration of the preshared key. When I keyed in the preshared key again, the tunnel was established. Thanks for helping.
