Currently I have a IPSEC VPN connection setup between site1 and site2. Everything works fine 98% of the time however it does eat up some bandwidth on our main line and we do have a dedicated Point to Point line we pay for (P2P). The current setup can be seen in the first graphic.
My goal is to connect site1 and site2 together using the 2Mb dedicated line we pay for from our ISP. I initially tired to setup this connection however something was wrong with my config and I couldn' t get it to work on that day and I shelved it until I could get the time to revisit which is now. I basically need to connect both LAN together since all the servers are at site2. The graphic below illustrates what the connection will look like in the end with the P2P line in use.
Basically my initial config for the site to site P2P connection was the following.
Site1 - FG-110C:
Port1 = LAN (192.168.7.1)
Port2 = P2P Connection (192.168.9.2).......(maybe I should have made this interface IP 192.168.7.2 instead to match LAN?)
Port3 = INTERNET
Site2 = FG-300A:
Port1 = LAN (192.168.0.1)
Port2 = P2P Connection (192.168.9.1).......(maybe I should have made this interface IP 192.168.0.2 instead to match LAN?)
Port3= INTERNET
Then I created a policy on each Fortigate that said Port1 to Port2 Allow ANY and Port2 to Port1 Allow ANY. I also needed to setup a static route but cannot remember what I put. I feel the problem is in the static route setting. Does anyone have any advice on the config? I setup multiple variations of the config but I never could get the connection to work between the two sites.
Just a side note; the P2P line does work indeed. If I take both ends of the P2P connection and plug them into one of the LAN switches on both ends, traffic flows. So the P2P connection does work, I jsut cannot get it configured correctly using the two fortigates.
My goal is to connect site1 and site2 together using the 2Mb dedicated line we pay for from our ISP. I initially tired to setup this connection however something was wrong with my config and I couldn' t get it to work on that day and I shelved it until I could get the time to revisit which is now. I basically need to connect both LAN together since all the servers are at site2. The graphic below illustrates what the connection will look like in the end with the P2P line in use.
Basically my initial config for the site to site P2P connection was the following.
Site1 - FG-110C:
Port1 = LAN (192.168.7.1)
Port2 = P2P Connection (192.168.9.2).......(maybe I should have made this interface IP 192.168.7.2 instead to match LAN?)
Port3 = INTERNET
Site2 = FG-300A:
Port1 = LAN (192.168.0.1)
Port2 = P2P Connection (192.168.9.1).......(maybe I should have made this interface IP 192.168.0.2 instead to match LAN?)
Port3= INTERNET
Then I created a policy on each Fortigate that said Port1 to Port2 Allow ANY and Port2 to Port1 Allow ANY. I also needed to setup a static route but cannot remember what I put. I feel the problem is in the static route setting. Does anyone have any advice on the config? I setup multiple variations of the config but I never could get the connection to work between the two sites.
Just a side note; the P2P line does work indeed. If I take both ends of the P2P connection and plug them into one of the LAN switches on both ends, traffic flows. So the P2P connection does work, I jsut cannot get it configured correctly using the two fortigates.
