Crispus
New Contributor

VPN between 2 sites

Hi everyone, I'm new to network administration and really need your help. I have 2 remote sites between which I want to establish a site-to-site connection, but it doesn't work. An overview of my network is attached.
sw2090
SuperUser

What exactly does not work? That's a bit too little information...

Basically you need:

- the IPsec or SSL VPN tunnel between the sites
- static routes on both sides, at least to the LANs (or whatever you want to be able to reach on the other side)
- policies to allow the traffic (the VPN will not come up if there is no policy for its traffic) on BOTH sides.

So in your case:

Main Site needs:

- IPsec/SSL VPN to Remote Site
- static routing for 172.30.1.0/24 with the VPN as interface
- policy that allows traffic from 172.31.1.0/24 to 172.30.1.0/24 via the VPN interface
- (optional) reverse policy if you have traffic from 172.30.1.0/24 to 172.31.1.0/24 that is initiated from out of 172.30.1.0.

Remote Site needs:

- IPsec/SSL VPN to Main Site
- static routing for 172.31.1.0/24 with the VPN as interface
- policy that allows traffic from 172.30.1.0/24 to 172.31.1.0/24 via the VPN interface
- (optional) reverse policy if you have traffic from 172.31.1.0/24 to 172.30.1.0/24 that is initiated from out of 172.31.1.0.

If IPsec, leave the phase 2 selectors at 0.0.0.0/0.0.0.0.

Once the VPN is up you should then be able to reach the Remote Site LAN (172.30.1.0/24) from the Main Site LAN and vice versa.

On IPsec VPN you should be aware that both sides match at least one pair of proposals, the DH group and the PSK.

You might turn on NAT-T and NAT keepalive to have a persistent tunnel.

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
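
The checklist from the reply above for the IPsec case, written out as FortiOS CLI for the Main Site (an added example, not part of sw2090's reply). The interface names `wan1` and `internal`, the tunnel and object names, the peer address 203.0.113.2 and the AES256-SHA256 / DH group 14 proposal are assumptions; the Remote Site mirrors this with the two subnets swapped and `remote-gw` pointing back at the Main Site.

```fortios
# Main Site FortiGate. Constructed example: names, WAN peer IP and proposal are assumptions.
config vpn ipsec phase1-interface
    edit "to-remote"
        set interface "wan1"
        set remote-gw 203.0.113.2
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <same-psk-on-both-sides>
        set nattraversal enable
        set keepalive 10
    next
end
config vpn ipsec phase2-interface
    edit "to-remote-p2"
        set phase1name "to-remote"
        set proposal aes256-sha256
        set dhgrp 14
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
config router static
    edit 0
        set dst 172.30.1.0 255.255.255.0
        set device "to-remote"
    next
end
config firewall address
    edit "main-lan"
        set subnet 172.31.1.0 255.255.255.0
    next
    edit "remote-lan"
        set subnet 172.30.1.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "main-to-remote"
        set srcintf "internal"
        set dstintf "to-remote"
        set srcaddr "main-lan"
        set dstaddr "remote-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Optional reverse policy: same block with srcintf/dstintf and srcaddr/dstaddr swapped.
```

Because the phase 2 selectors are left at 0.0.0.0/0.0.0.0, the firewall policy is the only thing limiting which subnets may cross the tunnel, so scoping it to the two LAN address objects rather than `all` keeps the exposure to what the reply describes.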