Hi guys,
How are you doing?
I'm trying to create a VPN tunnel between two sites.
One site has two local subnets on two different interfaces, and that's where my problem is: I don't know how to use both interfaces in the configuration.
Here is a table just to illustrate the configuration:

Item | Value |
---|---|
Local interface | Internal1 (where my problem is) |
Local subnets | 192.168.50.0/24 (Internal1), 192.168.51.0/24 (Internal2) |
Remote subnets | 192.168.0.0/24 |
For the IPsec phase 2 network selector, you can use 192.168.50.0/23 <-> 192.168.0.0/24 to let them communicate with each other. If you have tunnel interface IPs and want to be able to test connectivity from either FGT, you need to add those selectors as well.
For the rest, you can use each subnet separately for routing, and you have to have separate policies per interface unless you use a zone to bind internal1 and internal2 together, like "internal_zone".
Edit:
Actually, you can use the /23 subnet for routing as well, on the other side of the tunnel.
Toshi
Or, for simplicity, you can use the wildcard address '0.0.0.0/0' in phase 2 for both the local and the remote end, if the other side uses a FortiGate as well. This will allow any subnet to open the tunnel. You take care of security by creating the appropriate policies.
A wildcard address comes in handy when you have to deal with a high number of remote subnets, or when you do not know the remote subnet address ranges beforehand, that is, in the case of a dial-in VPN.
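The two replies above describe the same build from different angles: one phase 2 selector that summarises both local subnets, a zone so one pair of policies covers both interfaces, and (optionally) the 0.0.0.0/0 wildcard with the policies doing all of the restriction. The following FortiOS CLI configuration for the two-subnet site is an added worked example, not configuration posted by either reply's author. Every name in it ("to_siteB", "internal_zone", "siteA_lan", "siteB_lan"), the WAN interface "wan1", the peer address 203.0.113.2 and the PSK are placeholders chosen for the example; the subnets are the ones from the question. The /23 summary works only because 192.168.50.0 is aligned on a /23 boundary (it covers 192.168.50.0 to 192.168.51.255); two subnets such as .51 and .52 would need two selectors instead.

```fortios
# Site A: the FortiGate that owns internal1 (192.168.50.0/24) and internal2
# (192.168.51.0/24). Interface names, peer address and PSK are placeholders.
# Note: FortiOS refuses to add an interface to a zone while a policy still
# references that interface directly; remove such policies first.

config system zone
    edit "internal_zone"
        set interface "internal1" "internal2"
    next
end

config vpn ipsec phase1-interface
    edit "to_siteB"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw 203.0.113.2
        set psksecret "REPLACE_WITH_A_LONG_RANDOM_PSK"
    next
end

config vpn ipsec phase2-interface
    edit "to_siteB_p2"
        set phase1name "to_siteB"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        # 192.168.50.0/23 summarises both local subnets in one selector.
        # Wildcard variant from the second reply: 0.0.0.0 0.0.0.0 for both
        # src-subnet and dst-subnet; the firewall policies below then carry
        # the whole restriction, so keep their address objects specific.
        set src-subnet 192.168.50.0 255.255.254.0
        set dst-subnet 192.168.0.0 255.255.255.0
    next
end

config firewall address
    edit "siteA_lan"
        set subnet 192.168.50.0 255.255.254.0
    next
    edit "siteB_lan"
        set subnet 192.168.0.0 255.255.255.0
    next
end

config router static
    # Remote LAN reachable through the tunnel interface.
    edit 0
        set dst 192.168.0.0 255.255.255.0
        set device "to_siteB"
    next
    # Higher-distance blackhole: while the tunnel is down, traffic for the
    # remote LAN is dropped instead of following the default route out wan1.
    edit 0
        set dst 192.168.0.0 255.255.255.0
        set blackhole enable
        set distance 254
    next
end

config firewall policy
    # One policy per direction for both internal interfaces via the zone.
    edit 0
        set name "siteA_to_siteB"
        set srcintf "internal_zone"
        set dstintf "to_siteB"
        set srcaddr "siteA_lan"
        set dstaddr "siteB_lan"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "siteB_to_siteA"
        set srcintf "to_siteB"
        set dstintf "internal_zone"
        set srcaddr "siteB_lan"
        set dstaddr "siteA_lan"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

The remote site mirrors this with src-subnet 192.168.0.0/24, dst-subnet 192.168.50.0/23, and a single static route for 192.168.50.0/23 via its tunnel interface, which is the routing shortcut the first reply's edit mentions. After bringing the tunnel up, `diagnose vpn tunnel list` shows the negotiated selectors, which is the quickest way to confirm that the /23 (or the wildcard) was accepted by the peer rather than narrowed to one /24.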