Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alimov
New Contributor II

Created on ‎08-27-2014 12:43 AM

Routing and vpn tunnels

Hello colleagues. There are two FGT. 1-100d; 2-80c (OS - 5.2) Implemented such a scheme- http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/redundant-tunnel.121.08.html Everything works. The actual schema looks like this: Routs on FGT1: Routs on FGT2: Now I have the task of: If the user of the site 1 has connected on the rdp for Terminal Server in site 2 and Terminal session launched ie-all Internet traffic goes directly to the wan1 FGT2. What do I need to do to traffic sent back in site 1 and already there was outward through the wan1 FGT1 Please tell me what I need to do.
15180
0 Kudos
38 REPLIES 38
Alimov
New Contributor II
In response to hklb

Created on ‎08-28-2014 01:20 AM

No, if we put 0.0.0.0 - we are going back to yesterday' s result - regardless of the route policy, traffic flowing on the static route
2430
0 Kudos
hklb
Contributor II
In response to hklb

Created on ‎08-28-2014 01:25 AM

I think you doing a mistake.. In VPN configuration, you need to leave 0.0.0.0/0 In Interface VPN (You need to set in CLI), you need to set an IP. For that, you need to enter in " config system interface" , and edit your interface tunnel, like I posted yesterday : conf sys inter edit Site_1_A set ip 192.0.2.1 255.255.255.255 set remote-ip 192.0.2.2 next edit Site_1_C set ip 192.0.2.5 255.255.255.255 set remote-ip 192.0.2.6 end
2430
0 Kudos
Alimov
New Contributor II
In response to hklb

Created on ‎08-28-2014 02:00 AM

i do: interface 100d: int 80: dia sys session clear and it is not works vpn tunnel is up local ping is up and access to internet is passed through FGT2
2430
0 Kudos
hklb
Contributor II
In response to hklb

Created on ‎08-28-2014 02:01 AM

and your PBR configuration?
2430
0 Kudos
Alimov
New Contributor II
In response to hklb

Created on ‎08-28-2014 02:04 AM

FGT80C3912606373 # dia sys session clear FGT80C3912606373 # dia sys session clear FGT80C3912606373 # show router policy config router policy edit 1 set input-device " internal" set src " 192.168.50.0/24" set dst " 0.0.0.0/0" set gateway 192.0.2.2 set output-device " Site_2_A" next end FGT80C3912606373 #
2430
0 Kudos
hklb
Contributor II
In response to hklb

Created on ‎08-28-2014 02:05 AM

If it always that (attached file), you need to modifiy the gateway to 192.0.2.1
Preview file
59 KB
2430
0 Kudos
Alimov
New Contributor II
In response to hklb

Created on ‎08-28-2014 02:08 AM

Oh, my God, hklv, you are the best person on earth !!!! I bow to you. Thank you very much it works !!!!
2430
0 Kudos
hklb
Contributor II
In response to hklb

Created on ‎08-28-2014 02:18 AM

That' s a good news ! you' re welcome
2430
0 Kudos
hklb
Contributor II

Created on ‎08-27-2014 11:30 PM

diag ip rtcache list
Thank you
2430
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.