Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
5q46n2te8jPWJY
Contributor

L2 vpn over Internet with Fortigate VM02

 

Hello everyone,

I need your opinions and experience to help me in my design. Here is my architectural diagram:

[Architecture diagram attached: "Schéma Forti.drawio", exported 2024-04-30]

I want VLAN10 from site A to be able to join VLAN10 from site B. Same for VLAN20 and VLAN30.

I also want each VLAN to be able to join the internet.

And finally, I also want VLAN10, 20, 30 to be able to join together, via the Fortigate filtering rules.

What is the best way to get there?

Thanks for your help!

3 replies
pminarik
Staff

VXLAN over IPsec is the typical Forti-solution for extending L2 over a VPN.

You can start here: https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/38079/vxlan

[ corrections always welcome ]
5q46n2te8jPWJY
Contributor

I tried following this documentation: https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/821119/vxlan-over-ipsec-tunn...

But I'm stuck at step 6: set member "port1" "vxlan".

Unable to add my port1 in my virtual-wire-pair. I can't understand why...

pminarik

To fix this, you will most likely need to remove all references to port1 (i.e. delete existing policies).

But you probably don't want to do this with VWP. I would expect that implementation with a virtual switch is more universal and useful for customers.

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/247006/vxlan-over-ipsec-usin... This doc is better, but you need to ignore the Hub-and-spoke setup and do it for a simple site-to-site.

[ corrections always welcome ]
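The VTEP-plus-software-switch design recommended in the two replies above, written out as an added example for one site and one VLAN. This is not configuration from the thread or from the Fortinet documents linked; it is an illustration written for this page. Everything in it is assumed: interface names (port1 as WAN, port2 as the LAN trunk), the addresses 203.0.113.1 / 198.51.100.1 / 10.255.0.x / 192.168.10.0/24, VNI 10 for VLAN 10, and the premise that a VLAN subinterface can be a software-switch member on this FortiOS build. Site B mirrors it with the gateway and tunnel addresses swapped; VLAN 20 and VLAN 30 repeat steps 2 to 4 with their own VNI and switch.

```text
# Site A. Assumed layout: port1 = WAN 203.0.113.1, port2 = LAN trunk (tagged 10/20/30).
# Assumed peer: site B WAN 198.51.100.1, tunnel IPs 10.255.0.1 (A) and 10.255.0.2 (B).

# 1. Ordinary route-based IPsec tunnel; the VXLAN traffic will ride inside it.
config vpn ipsec phase1-interface
    edit "to-siteB"
        set interface "port1"
        set ike-version 2
        set peertype any
        set net-device disable
        set proposal aes256gcm-prfsha384
        set dhgrp 20
        set remote-gw 198.51.100.1
        set psksecret <strong-pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "to-siteB"
        set phase1name "to-siteB"
        set proposal aes256gcm
        set dhgrp 20
        set auto-negotiate enable
    next
end
config system interface
    edit "to-siteB"
        set ip 10.255.0.1 255.255.255.255
        set remote-ip 10.255.0.2 255.255.255.255
    next
end

# 2. VLAN 10 subinterface on the LAN trunk (assumed name "vlan10").
config system interface
    edit "vlan10"
        set vdom "root"
        set interface "port2"
        set vlanid 10
    next
end

# 3. VXLAN tunnel endpoint bound to the IPsec interface; remote-ip is site B's tunnel address.
#    VNI 10 for VLAN 10 is an assumed numbering, not a requirement.
config system vxlan
    edit "vxlan10"
        set interface "to-siteB"
        set vni 10
        set remote-ip "10.255.0.2"
    next
end

# 4. Software switch bridging the local VLAN with its VXLAN segment. Frames between
#    the two members are switched without a firewall policy (default intra-switch
#    policy is implicit). The switch interface carries this FortiGate's IP in VLAN 10.
#    Assumption: VLAN subinterfaces are accepted as members on this build.
config system switch-interface
    edit "sw-vlan10"
        set vdom "root"
        set member "vlan10" "vxlan10"
    next
end
config system interface
    edit "sw-vlan10"
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping
    next
end

# 5. Routed traffic is still policy-controlled: internet egress with NAT, and an
#    explicit inter-VLAN rule (sw-vlan20 exists once step 2-4 is repeated for VLAN 20).
config firewall policy
    edit 0
        set name "vlan10-to-internet"
        set srcintf "sw-vlan10"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 0
        set name "vlan10-to-vlan20"
        set srcintf "sw-vlan10"
        set dstintf "sw-vlan20"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

Two points to check once both sites are up. First, an extended VLAN now has a FortiGate with an address at each site; give the hosts a single default gateway per VLAN (for example via DHCP), because an inter-VLAN flow whose request enters one FortiGate and whose reply enters the other is dropped by the stateful policy engine on the second unit. Second, VXLAN and ESP both add header overhead, so verify the effective MTU across the tunnel (a large ping with the don't-fragment bit set between the two VLAN 10 hosts is a quick test) before blaming the policies for broken large transfers.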