Support Forum
Wayupnorthguy
New Contributor III

Multiple Site to Site Connections

I have a "Remote Facility" that has equipment that is to be monitored by two separate operations centers.
The remote facility has two distinct private subnets that are not interconnected and need to remain so.
I have successfully configured two site-to-site IPSEC VPNs (Fortigate to Fortigate) from one Operations Center and can access hosts on those LANs.
I cannot establish a second site to site connection from Operations Center 2. I can build the dialer from the NATed side and the connector on the Remote Facility side, but when selecting the Tunnel status, the second tunnel doesn't even show up so that I can select "bring up". Attached is a diagram. I'm sure there are smart people out there who will tell me how I "should" be doing this.


Any help appreciated.

Jack of all trades, Master of none
Wayupnorthguy
New Contributor III

Solved. The problem was that for each connection I needed to set up a unique Peer ID in the Tunnel "authentication" and "phase 1 proposal local ID". Once I converted the Wizard tunnels to Custom and tested the connectivity on each, I was then able to establish multiple point-to-point and remote access dial connections.

Jack of all trades, Master of none

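As an added illustration of the fix described in the solution (not configuration from the original post): the hub at the Remote Facility gets one dialup phase1 per operations center, each matched on a distinct peer ID, and each operations center sends the corresponding local ID. Interface names, IDs, the hub address 203.0.113.10 and the PSK placeholders are assumptions; IKEv2 is assumed so that the ID exchange works with pre-shared keys.

```fortios
# --- Remote Facility (hub, public address): one dialup phase1 per OC ---
# Both tunnels terminate on the same interface, so the peer ID, not the
# remote gateway address, is what lets the hub tell the two dialers apart.
config vpn ipsec phase1-interface
    edit "OC1-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype one
        set peerid "OC1"
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <PSK-for-OC1-placeholder>
    next
    edit "OC2-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype one
        set peerid "OC2"
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <PSK-for-OC2-placeholder>
    next
end

# --- Operations Center 1 (dialer behind NAT) ---
# localid must match the peerid the hub expects for this OC;
# OC2 is identical except for localid "OC2" and its own PSK.
config vpn ipsec phase1-interface
    edit "to-RemoteFacility"
        set interface "wan1"
        set ike-version 2
        set remote-gw 203.0.113.10
        set localid "OC1"
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <PSK-for-OC1-placeholder>
    next
end
```

Phase 2 selectors and the firewall policies for each tunnel interface still need to be added on both sides; once both dialers are up, `get vpn ipsec tunnel summary` on the hub should list both tunnels separately.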
3 REPLIES 3
distillednetwork
Contributor III

You could use DDNS on the remote fortigates to learn their external IP address and use that as the remote gateway or set up a unique peer ID for each remote site.

Wayupnorthguy

Currently the operations centers simply "dial" the remote facility. This works fine as long as there is only one connection. This may be related to another post I have going, and once I resolve that issue it may fix this one. The dialer config with one unit behind NAT works fine. Just can't have them both active at the same time (basically the remote site Fortinet will not let me create the VPN: it creates it, but it doesn't show up in the summary, so you can't "bring up" the interface).

Jack of all trades, Master of none