Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jamestiberius
New Contributor II

static route over ipsec tunnel for exchange dag group - same subnet mask

few months back at our main site we setup two exchange 2013 servers each with static IP 192.168.40.0/255.255.255.0 range.

for the DAG traffic it was recommended we use different range, so we gave the 2nd NIC on each exchange server an IP in the range of 192.168.10.0/255.255.255.0 for the DAG traffic only.

 

so now we are looking at adding a 3rd exchange server at a remote site, and it needs to be added to the DAG group.

remote site is connected via IPSEC tunnel to main site.  remote site network is 192.168.70.0/255.255.255.0

 

so for the DAG traffic, I need the 2nd NIC on the exchange server at the remote site to have IP in 192.168.10.3.

 

how would I be able to route this traffic, or can I?

 

can I create a static route on the main site fortinet so that any traffic going to 192.168.10.3 goes over the IPSEC tunnel to the remote site?

and then at the remote site, static route so that any traffic going to 192.168.10.1 and 192.168.10.2 goes over the IPSEC tunnel to the main site?

 

 

 

2 REPLIES 2
gschmitt
Valued Contributor

You can't route within the same subnet since the Server will assume the IP to be within his own net and won't bother sending it's packages to the FortiGate

jamestiberius

so I set the dag group at the remote site to its own subnet, but DAG groups cannot have a gateway, so can I do static route for this traffic without a gateway?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors