Problems using IPsec - special setup
Hi,
we have the following setup here.
office: Fortigate 101E, network is 172.31.0.0/16, static public IP over WAN1, using a LWL fiber connect
remote: Fortigate 30E, network is 192.168.5.0/24, dynamic public IP over WAN1 behind the cable modem
I got it working connecting both Fortigates using an IPsec site2site setup. I use the networks vice versa to allow traffic between both sides. Using the wizard, this works fine. Also, access from office to remote site is working because of a working FortiDDNS account on the remote site. On both sites, we do not use NAT because we set up port forwarding of UDP 500/4500 on the cable modem before the Fortigate on the remote site. All this works perfectly. So far.
Now the nightmare. ;)
There is another network in our datacenter. This network is not connected to both Fortigates. But I want the third network, let's assume this is 1.2.3.4/23, to be routed from the remote site, over the VPN, to the office's Fortigate, so the network is accessed by the public IP network from the office's Fortigate.
I tried to add this as a second network on the remote/local site, but this is not working, because it also uses different switch ports.... Hu :( This is so complicated, maybe someone has an idea. I also played around with static routes, but it did not work (including the rules of course) :(
Any help would be nice.
Best and thanks
Ronny
How can the datacenter network reach the FG30E? Just routing or over another VPN? In either case you need to have a set of static routes on the 30E to bridge between the datacenter net and the office net (FG101E location), in addition to adding those networks (traffic selectors) on the 30E-101E VPN.
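The reply's two requirements (a static route plus a matching traffic selector) written out as a FortiOS CLI sketch; this is an added example, not configuration posted by anyone in the thread. It assumes the datacenter network is reached through the office 101E, the phase-1 names `to-office` and `to-remote` are hypothetical, and 1.2.2.0/23 is the network boundary of the thread's placeholder 1.2.3.4/23.

```fortios
# --- Remote site, FortiGate 30E (LAN 192.168.5.0/24) ---
# Extra phase-2 selector: remote LAN -> datacenter net, carried on the
# existing tunnel. "to-office" is a hypothetical phase-1 name.
config vpn ipsec phase2-interface
    edit "to-office-dc"
        set phase1name "to-office"
        set src-subnet 192.168.5.0 255.255.255.0
        set dst-subnet 1.2.2.0 255.255.254.0
    next
end

# Static route: send the datacenter net into the tunnel interface instead
# of out the default route on WAN1.
config router static
    edit 0
        set dst 1.2.2.0 255.255.254.0
        set device "to-office"
    next
end

# --- Office, FortiGate 101E (LAN 172.31.0.0/16) ---
# Mirror-image selector. The src/dst pair must be the exact reverse of the
# 30E entry, otherwise phase-2 negotiation for this pair fails and a route
# alone carries nothing. "to-remote" is a hypothetical phase-1 name.
config vpn ipsec phase2-interface
    edit "to-remote-dc"
        set phase1name "to-remote"
        set src-subnet 1.2.2.0 255.255.254.0
        set dst-subnet 192.168.5.0 255.255.255.0
    next
end

# Still required on both units and not shown here: firewall policies that
# permit 192.168.5.0/24 -> 1.2.2.0/23 (LAN -> tunnel on the 30E, tunnel ->
# egress interface on the 101E). Scope them to these two subnets, not "all".
```

If the datacenter should see the office's public address as the source, the 101E policy toward its egress interface also needs NAT enabled; that is an assumption about the intended design, which the thread leaves open.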
