Just wondering if someone can answer this definitively. Can I "share" an address range between an ssl vpn and an ipsec vpn?
The current setup is an SSL VPN, Source IP Pool x.y.z.1-254 and using the "Automatically assign addresses" option so that the entire 1-254 range is used for clients connecting. Rarely more than a few dozen simultaneous clients so the size of the range is irrelevant.
The plan is to:
[ol]The reason for this is that extensive internal layer 2 ACLs, manual routes, and server firewall rules all have the x.y.z.0/24 segment already defined. Trying to use a different range for the LT2P IPSEC clients would mean extensive updates to many switch stacks and dozens of server's local FW settings.
The Powers That Be are concerned that "sharing" that range would cause problems with one or the other.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Yes you can share range between SSL and IPsec Vpn
I have this configured in my environment for several Vpn gateway Fortigates.
As long as you don't overlapped the addresses no problem.
The Fortigate manages the routing back to each client and knows where the client is either IPsec or SSL
Yes you can share range between SSL and IPsec Vpn
I have this configured in my environment for several Vpn gateway Fortigates.
As long as you don't overlapped the addresses no problem.
The Fortigate manages the routing back to each client and knows where the client is either IPsec or SSL
IPsec Setting:
SSL Setting:
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1536 | |
1029 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.