Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Duka
New Contributor II

Created on ‎04-21-2022 11:00 PM

Multiple IPSec VPN for using zones

Hi Everybody,

some time ago I have done a network segmentation in the headquarters based on zones (client, voip, server) and numerous policies. Now I have to do the same in a remote seat (IPSEC VPN). The remote seat  have the same logic as the main office, although not all VLANs are necessary (only client, VOIP). All routing between the VLANs is done at headquarters.

 

I would like to avoid the following solution

  • Using multiple interfaces in the policies because i lose the "Interface Pair View".
  • Duplicate policies (this makes administration more complex)

my idea
Multiple IPSec VPNs (with diffrent public IPs in the main site - parameter "set local-gw") - one VPN per VLAN, whereby its interface can then be added to the corresponding zone and the existing rules are then used automatically.

 

Since I don't have a test environment, I wanted to ask beforehand whether this is even possible (routing..) or whether I've overlooked something here?

 

Graphic for better understanding.

image.png

Thanks in advanced for your help

 

Regards
Patrick

Labels:
6933
0 Kudos
1 Solution
Duka
New Contributor II

Created on ‎04-28-2022 07:01 AM

Hi,

the connection is now working as expected. As written by both of you, i also had to add the static routes (same priority) so that the connection works from the main office.

 

Key Elements to solve this problem:
-Multiple IPSec VPNs with Tunnel Interface IPs on both sides
-Policy Route on Remote Site - One per VLAN on Remote Site (Gateway = IP of VPN Interface on MainSite)
-Static Routes on Remote and Main Site
-Some policies to allow traffic

 

Many thanks to both of you

 

Regards
Patrick

View solution in original post

6806
10 REPLIES 10
Duka
New Contributor II

Created on ‎04-28-2022 07:01 AM

Hi,

the connection is now working as expected. As written by both of you, i also had to add the static routes (same priority) so that the connection works from the main office.

 

Key Elements to solve this problem:
-Multiple IPSec VPNs with Tunnel Interface IPs on both sides
-Policy Route on Remote Site - One per VLAN on Remote Site (Gateway = IP of VPN Interface on MainSite)
-Static Routes on Remote and Main Site
-Some policies to allow traffic

 

Many thanks to both of you

 

Regards
Patrick

6807
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.