przemo
New Contributor

VPN Site to Site - access to multiple subnets

Hello Everyone, I would like to know your opinion about the following settings. Using the wizard (with a little manual correction) I connected HQ and Branch via a Site-to-Site VPN tunnel. In HQ I have two LANs (192.168.1.0 and 192.168.2.0). In Branch I have one LAN - 192.168.0.1. How do I set up this tunnel to allow computers from the Branch LAN to connect to both LANs at HQ? (clearer explanation in the picture).

I did it using additional entries in Phase2 on both FTGs and the necessary entries in the IPv4 policies. It's working well but I don't know if this is the right way (?) Are there other, easier (better) solutions? What do you think about it?

p.s. 1.

I'm using FTG 60D, 5.4.0 and 5.2.4 OS

p.s. 2.

Sorry for the simple English.

MikePruett
Valued Contributor

Wouldn't you place the policies on the main FortiGate to allow the remote subnet to access the other internal networks? Then just have routes on the remote that say to get to LAN 1 and 2, go to the REMOTE interface?

Mike Pruett Fortinet GURU | Fortinet Training Videos
TobyTheCraig

Hi there,

Could you please provide some more detailed steps for a novice user? :)

Many thanks!
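
The setup discussed in this thread, written out as FortiOS CLI. This is an added example, not configuration from any poster or from Fortinet. The tunnel names `to-branch` and `to-hq`, the `internal` LAN interface, the address object names and the /24 masks (with the Branch LAN taken as 192.168.0.0/24) are assumptions.

```fortios
# HQ FortiGate: one phase 2 selector per HQ LAN (all names are assumptions)
config vpn ipsec phase2-interface
    edit "to-branch-lan1"
        set phase1name "to-branch"
        set src-subnet 192.168.1.0 255.255.255.0
        set dst-subnet 192.168.0.0 255.255.255.0
    next
    edit "to-branch-lan2"
        set phase1name "to-branch"
        set src-subnet 192.168.2.0 255.255.255.0
        set dst-subnet 192.168.0.0 255.255.255.0
    next
end
# Branch FortiGate: selectors mirror HQ exactly, with src and dst swapped
config vpn ipsec phase2-interface
    edit "to-hq-lan1"
        set phase1name "to-hq"
        set src-subnet 192.168.0.0 255.255.255.0
        set dst-subnet 192.168.1.0 255.255.255.0
    next
    edit "to-hq-lan2"
        set phase1name "to-hq"
        set src-subnet 192.168.0.0 255.255.255.0
        set dst-subnet 192.168.2.0 255.255.255.0
    next
end
# Branch FortiGate: send traffic for both HQ LANs into the tunnel interface
config router static
    edit 0
        set dst 192.168.1.0 255.255.255.0
        set device "to-hq"
    next
    edit 0
        set dst 192.168.2.0 255.255.255.0
        set device "to-hq"
    next
end
# Branch FortiGate: allow Branch LAN to the two HQ LANs (address objects assumed to exist)
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "to-hq"
        set srcaddr "branch-lan"
        set dstaddr "hq-lan1" "hq-lan2"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

HQ needs the mirrored static route for the Branch LAN and its own policy from the tunnel interface to each internal LAN. Narrowing `service` from "ALL" to the services the Branch actually uses keeps the tunnel from becoming an open path between sites.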
