DrWitt
New Contributor

One wan interface two tunnels

Configuration ipsec

Wan1 - Internet   (vpntunnel1 , and vpntunnel2)

Interface 1 - lan1 10.0.0.0

Interface 2 - lan2 10.0.3.0

I can establish a VPN with vpntunnel1 to lan1 but cannot establish vpntunnel2 to lan2.

In the VPN event log, when I try to establish vpntunnel2, I see that the FortiGate is trying to go through vpntunnel1 instead of vpntunnel2 (strange). (vpntunnel2 has different addresses and has interface 2, which I set in objects.)

Event log: progress IPsec phase 1 success and delete IPsec phase 1 SA, but why vpntunnel1 and not 2?

I think I can set the FortiGate to choose vpntunnel2 and then everything will be OK? But how?

P.S. Sorry for my English.

 

1 Solution
emnoc
Esteemed Contributor III

Okay, you have 2 tunnels. Are these route-based or policy-based? Or can you share the VPN configuration?

PCNSE 

NSE 

StrongSwan  

DrWitt
New Contributor

I have the Forti in interface mode. And I've created the VPN with the Forti wizard (firmware 5.2), and the wizard created the policy.

1. vpntunnel1 --> internal1 (VPN works)

2. vpntunnel2 --> internal2 (VPN does not work)

 

emnoc
Esteemed Contributor III

Okay, so this is still not saying a lot.

What's not working? (phase1, phase2, firewall policies)

What diagnostics did you conduct?

Did you ensure routes are correct?

Did you ensure fwpolicies are correct?

Can you share the cfg?

 

 

 

 

 

DrWitt
New Contributor

When I delete vpntunnel1 (which works), I can establish a connection on vpntunnel2 (works OK).

When both vpntunnel1 and vpntunnel2 are configured on the FortiGate, I can only establish a connection on vpntunnel1.

When both tunnels are set on the FortiGate, FortiClient only connects to vpntunnel1.

One user connects to vpntunnel1 - interface1: OK

A second user tries to connect through vpntunnel2 - interface2, but the Forti directs him to vpntunnel1 :(
