LAN over WAN tunnel
Hello, everyone,
I would like some advice on how I could make a bridge of a LAN subnet over a WAN connection.
I would like to use a GRE tunnel that passes through an IPsec connection between the two FGTs, to have the ability to reach hosts at the other site that share the same subnet. However, I have not found many examples of this configuration.
Instead, I have seen a solution called LAN Extension that uses an IPsec tunnel in which VXLANs are carried. It is a solution that I see as very complicated to put in place.
Do you have experience with this kind of need and scenario?
Thanks
Fabio
Hi guys,
I found an article that served my purpose exactly.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/184150/vlan-inside-vxlan
Even without the IPsec tunnel.
It was very useful and easy to implement because it is also applicable to our system composed of VLANs (802.1q).
The article mentions that, within the switch software, interfaces in 802.1q are not supported:
Thanks @hbac for the inspiration.
Hi Fabio,
Take a look at the following guide:
Regards
Hello Fabio
I'm not a network expert, but I know only VXLAN can do that.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/38079/vxlan
Hi @Fabio,
I believe VXLAN is the only option. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Basic-VXLAN-over-IPsec-configuration/ta-p/...
However, it is possible to use NAT to avoid overlapping subnets: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-an-IPsec-tunnel-with-Over...
The simplest way is not to use the same subnet for both sides.
Regards,