Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

IPSec VPN, how to share broadcast domains?

I have two networks at either end of an IPSec VPN, we'll call them the Workstation and Server networks.

I have a Windows Deployment Services server that is currently in the Workstation network (to provide Bitlocker Network Unlock to the workstations). Due to licensing, I need the WDS server to be hosted in the Server network instead.

If I simply moved it there, it would no longer be in the same broadcast domain as the workstations, and they wouldn't be able to contact it at boot time for network unlocks.

What's the best way to put a remote server into the local broadcast domain?
New Contributor

Never knew that. Given the local side doesn’t know, surely it’s safer for OP to assume that it’s got a broadcast and network ID?

I’m also surprised that it works like this - given it doesn’t know, I’d think it would lock those two addresses to be safe.

Valued Contributor III

Hello @o1nder ,


You can achieve this request with the vxlan feature.


Vxlan works like an extended broadcast domain via ipsec. You can use the same subnet and broadcast domain on a remote site.


You can review this document for more information about vxlan.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors