I have two Fortiwifi 80CM units set up with VXLAN over IPSEC.
Both site A and site B are behind NAT devices.
All traffic from site A is routed to a WiFi network hosted on the site B Fortigate.
I have used VXLAN to enable UPNP and DLNA devices to be reached over the VPN from site B. The wifi clients connecting to site B are assigned DHCP addresses from the local router at site A.
I would like to do the same in reverse so that the Wifi adapter on the site A Fortiwifi offers the subnet and internet resources from site B and uses the DHCP server behind the site B fortigate.
To further complicate issues, site A has a static IP and site B has a dynamic IP with a DDNS running on the primary router.
It does not appear possible in these circumstances (and from several tests) to have two IPSEC tunnels running simultaneously, nor does it seem possible with the stage 2 filters, as both sides would need to route 0.0.0.0 (all traffic from remote site) to the wifi network on the fortigate.
The subnets do not overlap; A has 172.x.x.x and site B has a 10.x.x.x range.
I was thinking that a VLAN created from a WAN adapter on fortigate B into the VPN tunnel to fortigate A and then terminated into the WiFi would be a nice solution but I cannot find out how or if it is possible to create such a VLAN.
Is there any simple way of achieving this?
John