Let me start with the goal of this project: Establish a site-to-site VPN tunnel via the FortiExtender/hotspot that has a public IP address (subnet on the internal interface, i.e. 10.0.2.0/24) to a remote network using a VMware edge server (large).
Current Status: The tunnel shows up/up on the FWF60c and remote endpoint, but no incoming or outgoing data.
Running into an issue establishing a VPN tunnel and haven't successfully diagnosed the source of the problem yet. Here is what I have for the configuration:
Fortiextender 100b & AC340U (public IP address established)
Fortiextender plugged into the WAN1 interface of the FWF60C (10.0.1.1)
Internal interfaces set to (10.0.2.1/24)
Wifi set to (10.0.3.1/24)
VMware edge gateway server (large)
Public IP address established and a number of tunnels already configured and functional; however, this is the first tunnel I am trying to establish using the hotspot and FortiExtender.
Policies are in place for the fext, WAN, Internal, etc. and able to get out to the internet without issue. However, attempting to just ping the remote endpoint subnet results in "request timed out" from a device connected to the internal interface on the FWF 60c w/IP address of 10.0.2.100.
VPN Phase I interface is the fext-wan1
Phase II local subnet is: internal (10.0.2.0/24)
Phase II remote subnet: remotenetwork (192.168.1.0/24)
I know I am likely missing something simple, but after looking at it for so long I can't see it.
Any help would be appreciated.
NOTE: I am also going to be setting up a MESH network because the buildings and devices that need to communicate together are not wired, and unfortunately we will not be able to wire them. For that, I have a couple of FAP222c that I will employ.