Hi all,
Not sure where this topic should be posted since it overlaps between IPSEC site to site and LDAP authentication, but i'll give it a go here.
I'm having a peculiar request:
1. 2 sites on a site to site VPN - Site A (main office) & Site B (branch office)
2. At present the connection from B to A is not in a route all state, and each site goes out through its own connection for internet access
3. Site A's VPN access is authenticated through LDAP to their Local Active Directory in Site A
Now there is a requirement where I need to allow users from site B to access via site A's VPN
My question is:
1. How do i reach site B's Active Directory / LDAP through the site to site for this authentication to occur?
2. Locally, on site A, it is able to ping site B's Active Directory server
3. I've created the LDAP entry on the Fortigate, but it is unable to reach
Could someone point what I may have missed out?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi, not sure if I understand the question, but maybe the problem is in source IP address. If the IPsec tunnel is not addressed, system will use another IP for the source address of the LDAP connection, which is possibly not routable/reachable on the other side with LDAP server.
Fishbone)(
smithproxy hacker - www.smithproxy.org
Hi dethangel
please look at the soure-ip parameter in the ldap configuration on the branch office FortiGate.
config user ldap
edit <your-ldap-entry>
set source-ip x.x.x.x
set the ip to the internal ip address of your FortiGate.
Marco
Hi, not sure if I understand the question, but maybe the problem is in source IP address. If the IPsec tunnel is not addressed, system will use another IP for the source address of the LDAP connection, which is possibly not routable/reachable on the other side with LDAP server.
Fishbone)(
smithproxy hacker - www.smithproxy.org
Hi dethangel
please look at the soure-ip parameter in the ldap configuration on the branch office FortiGate.
config user ldap
edit <your-ldap-entry>
set source-ip x.x.x.x
set the ip to the internal ip address of your FortiGate.
Marco
Thank you!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.