I am having trouble with my configuration. I can successfully establish a connection between both firewalls, but I cannot access the VLAN on the branch firewall.
Here is my config:
Local Subnet: 192.168.100.0/24
Remote Subnet: 192.168.50.0/24
Local Subnet: 192.168.50.0/24
Remote Subnet: 192.168.100.0/24
Static Route HQ:
Static Route BRANCH:
My firewall policies:
incoming interface: hq-to-branch
outgoing interface: lan
incoming interface: lan
outgoing interface: hq-to-branch
My problem is I cannot access the following VLAN subnet in the branch firewall
Thank you in advance!
Either that, or leave the P2 selector at 0.0.0.0/0.0.0.0 and have routing plus policy handle the rest.
Also on s2s you don't need to enter a gateway. The IPSec Tunnel as destination interface for the static route is enough.
Works fine here this way with various vlans on both sides :)
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
I can see you have added "192.168.100.0" and "192.168.50.0" as the local and remote phase 2 selectors; you need to add the networks you want to access to the local and remote phase 2 selectors.
Then you need to configure static routes for the same.
Here in your scenario, you did not define the "10.10.20.0" and "10.10.30.0" networks in the phase 2 selectors of the firewall.
You can use this article for your reference:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/281288/site-to-site-ipsec-vpn-with-two-fortigate-devices
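Both answers above describe the same fix from two directions: either the phase 2 selectors must cover every subnet pair that should cross the tunnel (192.168.100.0/24 to 10.10.20.0/24 and 10.10.30.0/24, not just 192.168.50.0/24), or the selectors are left at 0.0.0.0/0 and static routes plus firewall policy decide what enters the tunnel. The FortiOS CLI below puts both options side by side for the HQ side and mirrors the branch side. It is an added example, not configuration from the original posts or from the Fortinet cookbook. The phase 1 name "hq-to-branch" and the "lan" interface come from the question; the phase 2 entry names, address object and policy names, and the branch VLAN interface names "vlan20" and "vlan30" are assumptions.

```fortios
# HQ FortiGate. Assumed: phase1 "hq-to-branch" already up, LAN interface "lan".
config vpn ipsec phase2-interface
    edit "hq-to-branch-p2"
        set phase1name "hq-to-branch"
        # As posted (too narrow): only 192.168.100.0/24 <-> 192.168.50.0/24 is negotiated,
        # so packets for 10.10.20.0/24 and 10.10.30.0/24 never match a selector and are dropped.
        #   set src-subnet 192.168.100.0 255.255.255.0
        #   set dst-subnet 192.168.50.0 255.255.255.0
        # Option A (accepted answer): wildcard selectors; routing and policy do the rest.
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
    # Option B (second answer): instead of the wildcard, one phase 2 entry per subnet pair
    # (same phase1name; each entry negotiates its own SA). Not combined with Option A.
    #   edit "hq-to-branch-p2-vlan20"
    #       set phase1name "hq-to-branch"
    #       set src-subnet 192.168.100.0 255.255.255.0
    #       set dst-subnet 10.10.20.0 255.255.255.0
    #   next
    #   edit "hq-to-branch-p2-vlan30"
    #       set phase1name "hq-to-branch"
    #       set src-subnet 192.168.100.0 255.255.255.0
    #       set dst-subnet 10.10.30.0 255.255.255.0
    #   next
end

# Static routes: the tunnel interface is the destination, no gateway needed.
# Every remote subnet needs its own route, selectors alone do not install one.
config router static
    edit 0
        set dst 192.168.50.0 255.255.255.0
        set device "hq-to-branch"
    next
    edit 0
        set dst 10.10.20.0 255.255.255.0
        set device "hq-to-branch"
    next
    edit 0
        set dst 10.10.30.0 255.255.255.0
        set device "hq-to-branch"
    next
end

# Address objects (assumed names) so the policies can name the VLAN subnets explicitly.
config firewall address
    edit "hq-lan"
        set subnet 192.168.100.0 255.255.255.0
    next
    edit "branch-lan"
        set subnet 192.168.50.0 255.255.255.0
    next
    edit "branch-vlan20"
        set subnet 10.10.20.0 255.255.255.0
    next
    edit "branch-vlan30"
        set subnet 10.10.30.0 255.255.255.0
    next
end
config firewall addrgrp
    edit "branch-networks"
        set member "branch-lan" "branch-vlan20" "branch-vlan30"
    next
end

# With wildcard selectors the SA accepts anything, so the policy is the only
# thing limiting what crosses the tunnel: list the subnets, do not use "all".
config firewall policy
    edit 0
        set name "lan-to-branch"
        set srcintf "lan"
        set dstintf "hq-to-branch"
        set srcaddr "hq-lan"
        set dstaddr "branch-networks"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "branch-to-lan"
        set srcintf "hq-to-branch"
        set dstintf "lan"
        set srcaddr "branch-networks"
        set dstaddr "hq-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# Branch FortiGate mirror (assumed: phase1 "branch-to-hq", VLAN interfaces "vlan20", "vlan30").
# The selectors must match the HQ choice: 0.0.0.0/0 on both ends, or the same pairs reversed.
config vpn ipsec phase2-interface
    edit "branch-to-hq-p2"
        set phase1name "branch-to-hq"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
config router static
    edit 0
        set dst 192.168.100.0 255.255.255.0
        set device "branch-to-hq"
    next
end
config firewall policy
    edit 0
        set name "vlans-to-hq"
        set srcintf "lan" "vlan20" "vlan30"
        set dstintf "branch-to-hq"
        set srcaddr "branch-networks"
        set dstaddr "hq-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "hq-to-vlans"
        set srcintf "branch-to-hq"
        set dstintf "lan" "vlan20" "vlan30"
        set srcaddr "hq-lan"
        set dstaddr "branch-networks"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Pick one option per tunnel and apply it on both peers: a 0.0.0.0/0 selector on one side against specific subnets on the other fails phase 2 negotiation, and a single narrow selector is the exact symptom in the question (phase 1 and the first phase 2 come up, the VLAN subnets do not). After the change, `diagnose vpn tunnel list` should show the expected selectors (the "proxyid" lines) for the tunnel, and `get router info routing-table static` should list each remote subnet with the tunnel interface as its device.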
Copyright 2022 Fortinet, Inc. All Rights Reserved.