adogra
New Contributor

Route traffic from HQ - branch remote ipsec tunnel customer network.

Hi folks,

We have an IPsec site-to-site VPN tunnel between our HQ and branch office. Now the branch office has an IPsec tunnel with a customer.

Our HQ users need to access that customer network, which is connected via the remote site-to-site IPsec tunnel from the branch office.

I'm using a FortiGate 200D in HQ and a 100D in the branch office. Any pointers, please.

Is there any option to route traffic that comes from HQ to the remote site towards the customer's IPsec tunnel?

It's the same as how we forward SSL VPN traffic to an IPsec tunnel. Can we forward IPsec traffic to the remote device's IPsec tunnel?

Thanks

Atul

1 Solution
emnoc
Esteemed Contributor III

Yes, ensure you have a phase2 proposal and route to the final destination. If you deploy an IPsec phase2 with 0.0.0.0/0:0 and control the route and firewall, the HQ should be able to access the final remote site network(s).

Ken Felix

PCNSE NSE StrongSwan
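A reachability check for the chained-tunnel design in the answer above, as an added example that is not part of the original thread and not Fortinet code: for the HQ-to-customer flow it tests, on each tunnel, that the phase2 selectors cover the flow, that a route sends the destination into the tunnel, and that a firewall policy permits it. The subnets, hop names and policy tuples are constructed assumptions; return traffic and NAT are not modelled.

```python
from ipaddress import ip_network

# Constructed lab addressing (assumptions, not taken from the thread).
HQ, BRANCH, CUSTOMER = "10.10.0.0/24", "10.20.0.0/24", "172.16.50.0/24"
ANY = "0.0.0.0/0"

def covers(selector, subnet):
    """True if the CIDR selector contains the whole subnet."""
    return ip_network(subnet).subnet_of(ip_network(selector))

def check_path(src, dst, hops):
    """Return (hop, problem) pairs for a flow src -> dst across chained tunnels."""
    problems = []
    for hop in hops:
        if not (covers(hop["p2_src"], src) and covers(hop["p2_dst"], dst)):
            problems.append((hop["name"], "phase2 selectors do not cover flow"))
        if not any(covers(r, dst) for r in hop["routes"]):
            problems.append((hop["name"], "no route into tunnel for destination"))
        allowed = [p for p in hop["policies"] if covers(p[0], src) and covers(p[1], dst)]
        if not allowed:
            problems.append((hop["name"], "no firewall policy permits flow"))
        elif hop["p2_dst"] == ANY and any(p[1] == ANY for p in allowed):
            problems.append((hop["name"], "wildcard selector and any-destination policy"))
    return problems

def hq_leg(policies):
    # HQ unit: 0.0.0.0/0 selectors as in the answer; routes and policy do the scoping.
    return {"name": "HQ->branch", "p2_src": ANY, "p2_dst": ANY,
            "routes": [BRANCH, CUSTOMER], "policies": policies}

def branch_leg(p2_src, policies):
    # Branch unit: its tunnel to the customer.
    return {"name": "branch->customer", "p2_src": p2_src, "p2_dst": CUSTOMER,
            "routes": [CUSTOMER], "policies": policies}

def scenarios():
    scoped = [(HQ, BRANCH), (HQ, CUSTOMER)]
    return {
        # Customer tunnel left as built for branch users only.
        "unchanged": check_path(HQ, CUSTOMER, [hq_leg(scoped), branch_leg(BRANCH, [(BRANCH, CUSTOMER)])]),
        # Customer tunnel selectors and branch policy extended to the HQ subnet.
        "extended": check_path(HQ, CUSTOMER, [hq_leg(scoped), branch_leg(ANY, [(HQ, CUSTOMER)])]),
        # Same, but HQ policy left as any-to-any: transit is wider than intended.
        "loose": check_path(HQ, CUSTOMER, [hq_leg([(ANY, ANY)]), branch_leg(ANY, [(HQ, CUSTOMER)])]),
    }

if __name__ == "__main__":
    for name, found in scenarios().items():
        print(name, found or "flow passes every hop")
```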
adogra
New Contributor

OK, so the IPsec tunnel VPN customer (final destination) connected via the branch office doesn't need to do anything on their end. Once I add route 0.0.0.0/0:0 in the existing IPsec tunnel from HQ to branch office, HQ users should be able to access the final destination using the branch's existing VPN.

Again, this change is required on the IPsec tunnel between our HQ and branch to route traffic from the HQ network to the customer (final destination) connected via the branch office.

Thanks again

adogra
New Contributor

emnoc wrote:

Yes, ensure you have a phase2 proposal and route to the final destination. If you deploy an IPsec phase2 with 0.0.0.0/0:0 and control the route and firewall, the HQ should be able to access the final remote site network(s).

Ken Felix

Could you please confirm this:

"Once I add route 0.0.0.0/0:0 in the existing IPsec tunnel phase 2 from HQ to branch office, HQ users should be able to access the final destination using the branch's existing VPN."
