IPsec for a customer to network behind FortiGate
Hello,
I have an IPsec VPN connection from my main office to the branch office. Now I need to create an IPsec VPN for a customer that should have access to the branch office LAN, but the connection will be created at the main office FortiGate, not directly at the branch office.
Main office:
LAN: 10.1.0.0/16
IPsec to branch uses 0.0.0.0 / 0.0.0.0 as phase 2 selectors
I have connectivity from main office to branch LAN.
Branch:
LAN: 10.5.0.0/24
IPsec to main office.
Customer:
Needs to connect using IPsec VPN to my main office, but should get access to the 10.5.0.0/24 network.
How could I do this?
For the customer VPN part, it is not much different from the branch. You just need to set a network selector like customer_network/xx<->10.5.0.0/24, if there are no conflicts/overlaps for those networks.
Then you need to adjust/add an additional network selector to the Main-Branch VPN to allow customer_network/xx to come through. And then you need to have proper routes and policies to allow it on both the Main and Branch offices.
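A FortiOS CLI sketch of the selector, route and policy pieces described in the reply above, as an added example that is not part of the original thread. The tunnel names (`customer-vpn`, `branch-vpn`, `main-vpn`), the object names, the customer network 192.0.2.0/24 and the HTTPS-only service are placeholders and assumptions; the customer phase 1 is assumed to exist already.

```fortios
# --- Main office FortiGate (all names and 192.0.2.0/24 are placeholders) ---
config vpn ipsec phase2-interface
    edit "customer-p2"
        set phase1name "customer-vpn"
        # Selector limits the customer tunnel to the branch LAN only
        set src-subnet 10.5.0.0 255.255.255.0
        set dst-subnet 192.0.2.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 192.0.2.0 255.255.255.0
        set device "customer-vpn"
    next
end
config firewall address
    edit "branch-lan"
        set subnet 10.5.0.0 255.255.255.0
    next
    edit "customer-net"
        set subnet 192.0.2.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "customer-to-branch"
        set srcintf "customer-vpn"
        set dstintf "branch-vpn"
        set srcaddr "customer-net"
        set dstaddr "branch-lan"
        set action accept
        set schedule "always"
        # Assumption: customer only needs HTTPS; list the services actually required
        set service "HTTPS"
        set logtraffic all
    next
end

# --- Branch FortiGate: return path for the customer network ---
# The 0.0.0.0/0 phase 2 selectors from the question already match this traffic.
config router static
    edit 0
        set dst 192.0.2.0 255.255.255.0
        set device "main-vpn"
    next
end
# Also needed here: a policy from "main-vpn" to the LAN interface with
# srcaddr customer-net and dstaddr branch-lan, mirroring the policy above.
```

No policy from `customer-vpn` to the main office LAN (10.1.0.0/16) is created, so the customer reaches only 10.5.0.0/24 and the permitted service.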
