Hello,
I have been asked for a Layer2 Site to Site VPN (I would not like to discuss an alternative - at this moment - because this is the technical requirement of the customer).
I have done some research here in the discussions and found several statements that this is not possible at the moment with Fortigate units.
My question is: Is this statement still correct or is there a possibility in the newest firmware to do this? I am wondering about the L2TP over IPSec support (i.e. for Android Dialin VPN). Is there a way to use this between two Fortigate units or am I missing something?
Thanks, Sebastian
Hi,
There's been a post recently about L2TP server functionality in FortiOS: https://forum.fortinet.com/tm.aspx?m=139960
It is possible but the L2TP client feature is only available on the desktop models (< 100D).
I haven't tried it but with one FGT as L2TP server and the other as L2TP client it should meet your requirements.
Hello, thanks for pointing the direction...!! Is there anybody here in the forum who has tested such a setup? If not I plan to do this (FG100D & 60D available), but I am a bit out of time actually ;-) Thanks, Sebastian
Hi,
just a quick test on a new 50E:
FGT50Exxxx # config system interface
FGT50Exxxx (interface) # edit wan2
FGT50Exxxx (wan2) # set l2tp-client enable
FGT50Exxxx (wan2) # ab
FGT50Exxxx # config vpn l2tp
FGT50Exxxx (l2tp) # set status enable
FGT50Exxxx (l2tp) # ab
FGT50Exxxx #
Seems it's possible to build with two 50E boxes (no errors for client & server above) - that's absolutely fine for me.
Sebastian
Hi,
Another possibility is to use the VXLAN feature in FortiOS 5.4; with that you can create an L2 tunnel between two sites.
http://kb.fortinet.com/kb/documentLink.do?externalID=FD38614
However, 5.4 is not considered stable at the moment.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C