Site to Site VPN on multiple sites
Is the above scenario possible?
Site A === site to site vpn === Site B
Site B === site to site vpn === Site C
Site C === site to site vpn === Site A
It is like a network triangle but will it work?
Yes, the scenario you described is possible and commonly referred to as a "mesh" or "triangular" network topology. Each site has a site-to-site VPN connection with the other two sites, forming a triangle of interconnected VPN tunnels. This setup can provide redundancy, load distribution, and multiple paths for traffic to flow.
Using IPsec VPN tunnels on FortiGate firewalls, you can achieve this setup. Here's a brief overview of how it could work:
- Site A, Site B, and Site C:
  - Each site should have a FortiGate firewall (or equivalent device) capable of setting up IPsec VPN tunnels.
  - Each site will establish a site-to-site VPN tunnel with the other two sites.
- VPN Tunnels:
  - At Site A:
    - Establish an IPsec VPN tunnel to Site B.
    - Establish an IPsec VPN tunnel to Site C.
  - At Site B:
    - Establish an IPsec VPN tunnel to Site A.
    - Establish an IPsec VPN tunnel to Site C.
  - At Site C:
    - Establish an IPsec VPN tunnel to Site A.
    - Establish an IPsec VPN tunnel to Site B.
SiteA, SiteB, SiteC refer to the public IP addresses on 3 different FortiGates, and ideally the VPN tunnels should form successfully. Regarding the traffic through these tunnels, what are the LAN subnets behind these sites? Are they overlapping? Also, do you want SiteA LAN to communicate with Site C via Site B or direct (for other sites as well)? We may have to configure the routes/policies based on these requirements.
Suraj
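
The LAN-subnet questions in the reply above can be answered before any tunnel is configured. The following is an added example, not part of the thread and not Fortinet tooling: the subnets are constructed sample values, `find_overlaps` and `mesh_routes` are hypothetical helper names, and it assumes direct (non-transit) routing between all three sites.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample data: site names follow the thread, subnets are invented.
SITES = {
    "SiteA": ["10.1.0.0/16"],
    "SiteB": ["10.2.0.0/16", "192.168.10.0/24"],
    "SiteC": ["10.2.128.0/17"],  # deliberately sits inside SiteB's 10.2.0.0/16
}

def find_overlaps(sites):
    """Return (site1, net1, site2, net2) for every overlapping LAN pair."""
    hits = []
    for (s1, nets1), (s2, nets2) in combinations(sorted(sites.items()), 2):
        for n1 in map(ip_network, nets1):
            for n2 in map(ip_network, nets2):
                if n1.overlaps(n2):
                    hits.append((s1, str(n1), s2, str(n2)))
    return hits

def mesh_routes(sites):
    """Per site, list (remote_subnet, tunnel_peer, ok) for a direct full mesh.

    ok is False when the remote subnet overlaps another site's LAN, meaning a
    plain static route or policy for it would be ambiguous somewhere in the
    mesh and the addressing has to be resolved first.
    """
    conflicted = set()
    for s1, n1, s2, n2 in find_overlaps(sites):
        conflicted.update({(s1, n1), (s2, n2)})
    plan = {}
    for local in sites:
        plan[local] = [
            (str(ip_network(net)), peer,
             (peer, str(ip_network(net))) not in conflicted)
            for peer, nets in sorted(sites.items()) if peer != local
            for net in nets
        ]
    return plan

if __name__ == "__main__":
    for hit in find_overlaps(SITES):
        print("OVERLAP: %s %s <-> %s %s" % hit)
    for site, routes in mesh_routes(SITES).items():
        for net, peer, ok in routes:
            print(f"{site}: {net} via tunnel to {peer} [{'ok' if ok else 'CONFLICT'}]")
```
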
Ok but what happens if there are overlapping internet segments?
Is there a solution to it?