IPsec VPN inside VDOM
Hi Gurus,
I am new to the FortiGate device (110C) and even to IPsec VPN itself, so please bear with me. My issue is: I am trying to create an IPsec VPN tunnel on a FortiGate 110C (4.0 build 0192) under the default VDOM root, and everything seems to be working fine. I can see that the VPN tunnel shows up when I try to bring it up.
But I wanted to create 2 VDOMs on this device, and when I did, I could no longer see tunnel interfaces being created after creating phase1 on the IPsec VPN. I.e. I create an IPsec phase1 named testvpn, then testvpn2 for phase2; under the root VDOM it automatically created a testvpn tunnel interface bound under the port I used in phase1, however it doesn't do it inside a created VDOM.
Please assist me on how to go about this; I am not sure if there is a specific way of doing this inside a virtual domain.
I am looking forward to your suggestions and inputs.
Did you forget to check interface mode in the VDOM phase1s?
Common mistake, as the default is tunnel mode.
Cheers, Eric
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Hi Eric,
Ya, you are right, I forgot to check that. Thanks again. I will keep you posted if I get it working. I appreciate your prompt reply.
-cheers!-
Hi Eric,
I was able to create the phase1 tunnel; however, I am still not able to bring up the IPsec tunnel for some reason.
I created two static routes. The first is for any source IP going out: it will use my router IP as its gateway, where the WAN interface is connected, with the device set to the WAN interface. The second route I created was for the private network on the other side, leaving the gateway blank and using the phase1 tunnel as the device.
I also created a firewall rule to allow all from Trust to Untrust, and vice versa.
Do I need to use the ssl.vdom that was created under this VDOM and create another route? Does it need to be part of Trust or Untrust?
Hi Eric,
Thanks for all the advice. I was able to get this thing up and running. It was just the "NAT Traversal that was set to enable" that I did not remove.
It's no big deal.
If you have no need for NAT on both sides, you can remove NAT Traversal on both sides from the config. It makes the IPsec negotiation faster.
Cheers, Eric
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
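Pulling the thread's fixes together as an added example (not config from the thread or from Fortinet): the FortiOS CLI equivalent of a route-based tunnel inside a VDOM, with the phase1 in interface mode, a static route through the tunnel device, a policy referencing the tunnel interface, and NAT-T disabled as Eric suggested. The VDOM name, interface names, peer address, subnets and the "ANY" service object (the 4.0-era name; later releases call it "ALL") are assumptions.

```fortios
# Added example, not from the thread: route-based (interface mode) IPsec phase1
# created inside a VDOM from the FortiOS CLI. The VDOM name "vdom1", interfaces
# "wan1"/"internal", peer 203.0.113.2 and the subnets are constructed values.
config vdom
    edit vdom1
        # phase1-interface is the CLI form of the GUI "Enable IPsec Interface Mode"
        # checkbox; plain "vpn ipsec phase1" builds a policy-based tunnel with no
        # tunnel interface, which is why none appeared in the VDOM.
        config vpn ipsec phase1-interface
            edit "testvpn"
                set interface "wan1"
                set remote-gw 203.0.113.2
                set proposal aes128-sha1
                # Disable NAT-T only when neither peer sits behind NAT; with a NATed
                # peer this setting stops ESP from traversing the translator.
                set nattraversal disable
                set psksecret <PRE-SHARED-KEY-PLACEHOLDER>
            next
        end
        config vpn ipsec phase2-interface
            edit "testvpn2"
                set phase1name "testvpn"
                set proposal aes128-sha1
                set src-subnet 192.168.10.0 255.255.255.0
                set dst-subnet 192.168.20.0 255.255.255.0
            next
        end
        # Remote private network is reached via the tunnel interface; no gateway.
        config router static
            edit 0
                set dst 192.168.20.0 255.255.255.0
                set device "testvpn"
            next
        end
        # The tunnel interface is just another interface in policy terms;
        # a second policy with srcintf/dstintf swapped covers the return direction.
        config firewall policy
            edit 0
                set srcintf "internal"
                set dstintf "testvpn"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "ANY"
            next
        end
    next
end
```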