IPSec VPN, how to share broadcast domains?
I have two networks at either end of an IPSec VPN; we'll call them the Workstation and Server networks.
I have a Windows Deployment Services server that is currently in the Workstation network (to provide BitLocker Network Unlock to the workstations). Due to licensing, I need the WDS server to be hosted in the Server network instead.
If I simply moved it there, it would no longer be in the same broadcast domain as the workstations, and they wouldn't be able to contact it at boot time for network unlocks.
What's the best way to put a remote server into the local broadcast domain?
Labels: FortiGate
Never knew that. Given the local side doesn’t know, surely it’s safer for OP to assume that it’s got a broadcast and network ID?
I’m also surprised that it works like this - given it doesn’t know, I’d think it would lock those two addresses to be safe.
Hello @o1nder ,
You can achieve this request with the VXLAN feature.
VXLAN works like an extended broadcast domain via IPsec. You can use the same subnet and broadcast domain on a remote site.
You can review this document for more information about VXLAN.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/38079/vxlan
NSE 4-5-6-7 OT Sec - ENT FW
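
An added example, not part of the original thread: it shows why VXLAN lets a layer-2 broadcast cross a routed IPsec tunnel, by wrapping the whole Ethernet frame behind the 8-byte VXLAN header (RFC 7348) so it travels as ordinary unicast UDP. The VNI (100), the MAC addresses and the sample frame are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN destination port (RFC 7348)
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: the VNI field is valid
BROADCAST_MAC = b"\xff" * 6


def vxlan_encap(vni: int, inner_frame: bytes) -> bytes:
    """Prefix a complete Ethernet frame with the 8-byte VXLAN header."""
    if not 0 <= vni < 2**24:
        raise ValueError("VNI must fit in 24 bits")
    # Word 0: flags (1 byte) + reserved (3). Word 1: VNI (3 bytes) + reserved (1).
    header = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    return header + inner_frame


def vxlan_decap(payload: bytes) -> tuple[int, bytes]:
    """Return (vni, inner_frame); reject truncated or unflagged headers."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, payload[8:]


def is_broadcast(frame: bytes) -> bool:
    """True when the frame's destination MAC is ff:ff:ff:ff:ff:ff."""
    return frame[:6] == BROADCAST_MAC


def size_before_esp(inner_frame_len: int) -> int:
    """Bytes handed to the tunnel: outer IPv4 (20) + UDP (8) + VXLAN (8) + frame."""
    return 20 + 8 + 8 + inner_frame_len


def sample_broadcast_frame() -> bytes:
    # Constructed frame: broadcast destination, locally administered source
    # 02:00:00:00:00:01, EtherType IPv4, 46 bytes of zero padding as payload.
    return BROADCAST_MAC + bytes.fromhex("020000000001") + b"\x08\x00" + bytes(46)


if __name__ == "__main__":
    frame = sample_broadcast_frame()
    vni, inner = vxlan_decap(vxlan_encap(100, frame))
    print(f"VNI {vni}: broadcast preserved = {is_broadcast(inner)}")
    # A full-size 1514-byte frame is already past 1500 bytes before ESP is added.
    print("full-size frame before ESP:", size_before_esp(1514), "bytes")
```

The size calculation is the practical caveat: every bridged frame gains 36 bytes before IPsec overhead, so the tunnel MTU or the hosts' MTU has to account for it.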