Hello, I would like to ask some advise and recommendations as well with
our Site-to-Site IPSEC VPN.Below are the scenarios. Please refer on the
attached diagram. We have an existing Site-to-Site IPSEC which is Site A
going to Site C. Since we are exp...
Hello, I'm currently building a site-to-site IPSEC VPN but I would like
to know if its possible to use a private IP (10.10.10.0/30) network.
Below is my current configuration. Firewall A:Port 10: 10.10.10.1/32
Firewall B: Port 9: 10.10.10.2/32 Both p...
oheigl wrote:On Firewall 3, do you have a route for the server farm
network? It would be easier if you could post every routing
configuration from all your FortiGates, like this: show router static
Otherwise we will message back and forward 10x I hav...
oheigl wrote:Okay, so you need the following routes: Firewall 2:
192.168.18.32/27 via 10.10.10.1Firewall 4: 192.168.18.32/27 via IPsec
and the corresponding policies Firewall 2: 192.168.18.32/27 via
10.10.10.1-> We already have that in Firewall 2. Qu...
oheigl wrote:Have you checked the routing and policies? Site C FortiGate
needs a route through Site A for the local network in Site B. The
easiest way to find out where the packets are not forwarded correctly is
to start an endless ping on PC2: ping ...
oheigl wrote:Looking at your diagram, it's not the same subnet on site A
and site B, because of the subnet mask /27. So you don't have any issues
at all, otherwise you could use a link network with a different IP
range, like this: Site A: 192.168.18....
