IPSec VPN Clients Accessing Remote Subnets across Site to Site VPN
Hi Guys, Hoping someone can help. I have Site to Site VPN established between two sites. Site A and Site B. Site A IPSec VPN Subnet - 10.10.10.1.0/24 | Site B Local LAN Subnet 192.168.1.0/24 I want Site A IPsec VPN Clients to access resources hosted on Site B, which are connected thru STS VPN. 1.) I've already created static routes between Site A and Site B Subnets on both FG.
2.)I already have Policies established to allow Site A VPN Subnet access to Site B Local Subnet.
3.) I also have included both subnets in their respective Phase 2 selectors.
I ran a ping test from Site A VPN to Site B subnet , and was only able to ping its gateway 192.168.1.1.
Not sure as to what more i must include in order to establish connection to the rest of 192.168.1.0/24.
Feel free to chime in thoughts. Thanks in advance.
*Note that the two FG are connected using different IP addressed in the same Public IP Block xxx.xxx.x.x/29..not sure if that would cause any issues.
From the output, I could see that "No matching IPsec selector, drop. This means the Local/Remote subnet is not matching under Phase2 selectors. Navigate to IPsec tunnels, edit the tunnels, and under Phase 2 selectors please verify if the Local and remote subnet matches.
From the logs, I could see that the source is 188.8.131.52, and the destination IP is 192.168.1.6. Please verify and update the IP's accordingly, If you have NAT enabled in the policy then kindly disable it.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.