Good evening everyone. I have a question: is it possible to realize this scenario?
We have 2 sites (A and B) in an IPsec VPN. The first site, A, has class 192.168.0.0; the second, B, has class 192.168.1.0. In the first site we have another class, 192.168.2.0, configured on port2 of the firewall. Is it possible to reach class 192.168.2.0 from Site B?
You talk about using class A and B address space (which isn't really in use these days) and your diagram shows you are using Classless Interdomain Routing (CIDR) Notation on your subnets.
Can you confirm your subnets are all /24? That is all hosts are using 255.255.255.0 masks, including the FortiGate interfaces?
Hi Gfleming, yes yes, I confirm that they are all /24. A and B work regularly from 192.168.1.0 to 192.168.40.0. But the class 192.168.10.0 to 192.168.40.0, nothing, it doesn't work. Thanks
Do you have a Firewall Policy that allows traffic from port2 to the IPSec tunnel?
Absolutely yes.
Hi Fabio,
Yes, you can reach Site A to Site B and Site B to Site A.
While configuring the VPN, make sure that on Site A you added both networks, 192.168.0.0/24 and 192.168.2.0/24, in the VPN source address, and add the same subnets in the Site B VPN destination network. Then from Site B you can reach both Site A networks.
Hello and thanks. I added the static routes on A to B. On B for the moment there is actually only one static route or the main one, do I also add the second always from site A?
I am not sure I understand your configuration, but on both firewalls you need to have routes towards each network. So, on B you would need routes towards both subnets that are behind firewall A.
OK, perfect.
Thank you all very much, I will try adding the other route on B.
@Fabio74 Great. Let us know the outcome :).
Please execute the below commands and see if you are seeing any packets.
diag sniffer packet any 'host 192.168.10.0 and host 192.168.40.x and icmp' 4 0 a
Initiate a ping from the 10.0 towards 40.x after this.
Replace x with the remote subnet PC's IP.
Also do a tracert from your local PC to the remote gateway to see where the packet is dropping.
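The three pieces the replies above ask for (selectors for both subnets, a route on B, and a policy from port2 to the tunnel), written out as a FortiOS CLI sketch for the 192.168.2.0/24 network from the original question. This is an added example, not configuration posted by anyone in the thread; the tunnel names "to-siteA" and "to-siteB", the object names, and the use of interface-mode (route-based) tunnels are assumptions.

```fortios
# Site B FortiGate: additions for Site A's second subnet (192.168.2.0/24).
# "to-siteA" is a hypothetical phase1 / tunnel interface name.
config vpn ipsec phase2-interface
    edit "to-siteA-net2"
        set phase1name "to-siteA"
        set src-subnet 192.168.1.0 255.255.255.0
        set dst-subnet 192.168.2.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 192.168.2.0 255.255.255.0
        set device "to-siteA"
    next
end

# Site A FortiGate: mirrored selector plus the port2 -> tunnel policy.
# "to-siteB" is a hypothetical tunnel name; port2 comes from the question.
config vpn ipsec phase2-interface
    edit "to-siteB-net2"
        set phase1name "to-siteB"
        set src-subnet 192.168.2.0 255.255.255.0
        set dst-subnet 192.168.1.0 255.255.255.0
    next
end
config firewall address
    edit "siteA-net2"
        set subnet 192.168.2.0 255.255.255.0
    next
    edit "siteB-lan"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "net2-to-siteB"
        set srcintf "port2"
        set dstintf "to-siteB"
        set srcaddr "siteA-net2"
        set dstaddr "siteB-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Traffic initiated from Site B also needs the reverse policy on A (tunnel to port2) and a policy on B that covers 192.168.2.0/24; scoping the policies to address objects and narrowing the service from "ALL" keeps the tunnel from exposing more of port2 than intended.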
Copyright 2024 Fortinet, Inc. All Rights Reserved.