I have two FortiGates: an FG110C at HO and an FG50B on the branch side. I have created a route-based IPsec VPN tunnel successfully, but the problem is that both sides have the same subnet but different IPs: the HO side is assigned the IP series 192.168.1.1-80/24 and the branch side the IPs 192.168.1.90-200/24.
I want to access all the PCs which are placed at the branch site, so can anyone help or give me a guide regarding a route-based IPsec VPN tunnel with overlapping subnets?
Thanks and Regards
This is the worst case when connecting 2 remote subnets.
In principle you can destination NAT outgoing traffic (VIP) and source NAT incoming (IP pool) in one policy, and vice versa in the other. But that is a little bit clumsy.
In your case, you could make your life easier with subnetting. Instead of a /24 network mask, you could use a /25 mask like 192.168.x.0/25 (HO) and 192.68.x.128/25 (remote). Note that you lose access to IPs .90-.127 on the branch side. And it takes some effort on the network clients as well.
You can find a detailed example for double NATting in the FortiOS Handbook, and maybe in the Cookbook as well (both on docs.fortinet.com). There are several KB articles on this subject as well.
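The two options from the reply above, worked through as an added example (not part of the original thread and not Fortinet's own code): it checks which hosts from the question's ranges land in the wrong half after a /25 split, and shows a 1:1 alias-subnet mapping, one common way to lay out the double NAT. The alias subnets 10.10.1.0/24 and 10.10.2.0/24 and all function names are assumptions chosen for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # subnet used at both sites (from the question)
HO_HOSTS = (1, 80)        # HO uses .1-.80
BRANCH_HOSTS = (90, 200)  # branch uses .90-.200


def host_range(net, first, last):
    """Addresses .first through .last inside net."""
    base = int(net.network_address)
    return [ipaddress.ip_address(base + i) for i in range(first, last + 1)]


def split_check(net=LAN, ho=HO_HOSTS, branch=BRANCH_HOSTS):
    """Split net into two /25s and list hosts that fall in the wrong half."""
    ho_net, branch_net = net.subnets(new_prefix=25)
    ho_misplaced = [a for a in host_range(net, *ho) if a not in ho_net]
    branch_misplaced = [a for a in host_range(net, *branch) if a not in branch_net]
    return ho_net, branch_net, ho_misplaced, branch_misplaced


def translate(addr, real_net, alias_net):
    """1:1 subnet-to-subnet NAT: keep the host part, swap the network part."""
    addr = ipaddress.ip_address(addr)
    if addr not in real_net:
        raise ValueError(f"{addr} is not in {real_net}")
    offset = int(addr) - int(real_net.network_address)
    return ipaddress.ip_address(int(alias_net.network_address) + offset)


# Assumed alias subnets; pick ranges that are unused at both sites.
HO_ALIAS = ipaddress.ip_network("10.10.1.0/24")
BRANCH_ALIAS = ipaddress.ip_network("10.10.2.0/24")

if __name__ == "__main__":
    ho_net, branch_net, ho_bad, br_bad = split_check()
    print(f"HO {ho_net}, branch {branch_net}")
    print(f"HO hosts outside the HO half: {len(ho_bad)}")
    print(f"Branch hosts outside the branch half: {len(br_bad)} "
          f"({br_bad[0]} - {br_bad[-1]})")
    # With double NAT, each site addresses the other through its alias subnet.
    print("Branch 192.168.1.150 as seen from HO:",
          translate("192.168.1.150", LAN, BRANCH_ALIAS))
    print("HO 192.168.1.10 as seen from branch:",
          translate("192.168.1.10", LAN, HO_ALIAS))
```

With the /25 split, the misplaced branch hosts have to be renumbered into .129-.254; with the alias mapping, no host is renumbered, but each site must route the other site's alias subnet into the tunnel.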