Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
adogra
New Contributor

Created on ‎11-21-2018 03:05 AM

Route traffic from HQ - branch remote ipsec tunnel customer network.

Hi folks,

 

We have ipsec tunnel vpn site - site between our HQ to branch office. Now branch office has ipsec tunnel with customer. 

Our HQ users need to access that customer network which is connected via remote Site - site2 site ipsec tunnel from branch office

 

I'm using fortigate 200 D in HQ and 100D in branch office. any pointers please.

 

Is there any option I can route traffic that comes from HQ to remote site towards customers ipsec tunnel?

 

Its same like we forward sslvpn traffic to ipsectunnel. can we forward ipsec to remote device ipsec tunnel ?

 

Thanks

Atul

4886
0 Kudos
1 Solution
emnoc
Esteemed Contributor III

Created on ‎11-21-2018 04:13 AM

Yes, ensue you have  phase2 proposal and router to the final   destination. If you  deploy a ipsec phase2 with 0.0.0.0/0:0 and control the route and firewall the  HQ should be able to access the  final remote site network(s).

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
2382
0 Kudos
3 REPLIES 3
emnoc
Esteemed Contributor III

Created on ‎11-21-2018 04:13 AM

Yes, ensue you have  phase2 proposal and router to the final   destination. If you  deploy a ipsec phase2 with 0.0.0.0/0:0 and control the route and firewall the  HQ should be able to access the  final remote site network(s).

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2383
0 Kudos
adogra
New Contributor
In response to emnoc

Created on ‎11-26-2018 04:14 AM

ok - So IPsec tunnel vpn customer(final destination) connected via  branch office doesn't need to any thing in their end.  Once I'll add route 0.0.0.0/0:0 in existing ipsec tunnel from HQ to branch office. HQ users should be able to access final destination using branch existing vpn.

 

Again  this change requires in between our HQ and branch ipsec tunnel to route traffic from HQ network to customer( final destination) connected via branch office.

 

thanks again

2329
0 Kudos
adogra
New Contributor
In response to emnoc

Created on ‎12-03-2018 09:43 AM

emnoc wrote:

Yes, ensue you have  phase2 proposal and router to the final   destination. If you  deploy a ipsec phase2 with 0.0.0.0/0:0 and control the route and firewall the  HQ should be able to access the  final remote site network(s).

 

Ken Felix

 

 

could you please confirm on this

"Once I'll add route 0.0.0.0/0:0 in existing ipsec tunnel phase 2 from HQ to branch office. HQ users should be able to access final destination using branch existing vpn."

2329
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.