I have a "Remote Facility" that has equipment that is to be monitored by two separate operations centers.
The remote facility has two distinct private subnets that are not interconnected and need to remain so.
I have successfully configured two site-to-site IPSEC VPNs (Fortigate to Fortigate) from one Operations Center and can access hosts on those LANs.
I cannot establish a second site-to-site connection from Operations Center 2. I can build the dialer from the NATed side and the connector on the Remote Facility side, but when selecting the Tunnel status, the second tunnel doesn't even show up so that I can select "bring up". Attached is a diagram. I'm sure there are smart people out there who will tell me how I "should" be doing this.
Any help appreciated.
Solved. The problem was that for each connection I needed to setup a unique Peer ID in the Tunnel "authentication" and "phase 1 proposal local ID". Once I converted the Wizard tunnels to Custom and tested the connectivity on each I was then able to establish multiple point-to-point and remote access dial connections.
You could use DDNS on the remote fortigates to learn their external IP address and use that as the remote gateway or set up a unique peer ID for each remote site.
Currently the operations centers simply "dial" the remote facility. This works fine as long as there is only one connection. This may be related to another post I have going, and once I resolve that issue it may fix this one. The dialer config with one unit behind NAT works fine. Just can't have them both active at the same time (basically the remote site Fortinet will not let me create the VPN; it creates it, but it doesn't show up in the summary, so you can't "bring up" the interface).
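As an added illustration of the accepted fix (unique peer IDs per dialup tunnel), not configuration posted by anyone in this thread, here is how it maps onto FortiOS CLI. Interface names, tunnel names, peer IDs, the remote gateway address and the PSK placeholders are all assumptions.

```fortios
# Remote Facility FortiGate (the side being dialed): one dynamic phase1 per
# operations center. All names, IDs and PSKs below are placeholders.
config vpn ipsec phase1-interface
    edit "OC1-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        # IKEv1 aggressive mode sends the peer identity in the clear, which is
        # what lets the FortiGate choose between several PSK dialup tunnels.
        set mode aggressive
        # Only accept the peer whose local ID is "oc1-peer".
        set peertype one
        set peerid "oc1-peer"
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <OC1-PSK-PLACEHOLDER>
    next
    edit "OC2-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        # A different peer ID is what allows both tunnels to exist and be up
        # at the same time on the same interface.
        set peertype one
        set peerid "oc2-peer"
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <OC2-PSK-PLACEHOLDER>
    next
end

# Operations Center 1 FortiGate (behind NAT, the dialer): static remote
# gateway plus a local ID that matches the peerid configured above.
config vpn ipsec phase1-interface
    edit "to-remote-facility"
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set remote-gw 203.0.113.10
        set localid "oc1-peer"
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <OC1-PSK-PLACEHOLDER>
    next
end
# Operations Center 2 uses the same shape with localid "oc2-peer" and its own PSK.
```

Phase 2 selectors and firewall policies for the two non-interconnected subnets are configured per tunnel as usual and are not shown here.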
Copyright 2024 Fortinet, Inc. All Rights Reserved.