VPN IPSEC Routing

  • 1.  VPN IPSEC Routing

    Posted Feb 17, 2019 06:00 AM
    Hello,

    I need help with routing between 3 FortiGates.

    I have 3 FortiGates: A, B and C.

    On FortiGate A I have the internal network 10.0.10.0/24
    On FortiGate B I have the internal network 10.0.20.0/24
    On FortiGate C I have the internal network 10.0.30.0/24

    FortiGate B has an IPsec VPN with A and B.
    From network 10.0.20 I can reach networks 10.0.10 and 10.0.30, but I need network 10.0.10 to access network 10.0.30, passing through FortiGate B.
    Making a VPN between A and C is not an option.

    How can I do this?

    Thanks.

    ------------------------------
    Rodrigo [LastName] [Designation]
    Any
    [CompanyName]
    [City] [State]
    [Phone]
    ------------------------------


  • 2.  RE: VPN IPSEC Routing

    Posted Feb 19, 2019 11:10 AM
    Rodrigo,
    This would be as simple as making sure the VPNs are route-based instead of policy-based and then installing the proper routes in each device. Then you'll want to make sure that there is a policy to allow the traffic to flow.

    Your routes should have a next-hop of the appropriate VPN tunnel.

    Your policy should reference the same VPN tunnels.

    ------------------------------
    Justin
    ------------------------------
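
The route-based setup described in this reply, written out as FortiOS CLI for the three subnets in the question. This is an added example, not configuration posted by anyone in the thread; the tunnel interface names (to-A, to-B, to-C) and the address object names are assumptions.

```fortios
# Constructed example. Tunnel interface names (to-A, to-B, to-C) and address
# object names are assumptions; substitute the names used on your own units.

# --- FortiGate A: send traffic for C's LAN into the tunnel toward B ---
config router static
    edit 0
        set dst 10.0.30.0 255.255.255.0
        set device "to-B"
    next
end
# FortiGate C mirrors this with dst 10.0.10.0 255.255.255.0 via its tunnel
# to B. On A and C, the existing LAN<->tunnel policies must also list the
# remote spoke subnet as destination/source.

# --- FortiGate B (hub): address objects, then one policy per direction ---
config firewall address
    edit "net-A"
        set subnet 10.0.10.0 255.255.255.0
    next
    edit "net-C"
        set subnet 10.0.30.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "A-to-C-via-B"
        set srcintf "to-A"
        set dstintf "to-C"
        set srcaddr "net-A"
        set dstaddr "net-C"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "C-to-A-via-B"
        set srcintf "to-C"
        set dstintf "to-A"
        set srcaddr "net-C"
        set dstaddr "net-A"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Scoping the hub policies to the two /24 objects rather than "all" keeps B from forwarding anything else between the tunnels, and the "ALL" service can be narrowed to the services the sites actually need. If the phase 2 selectors are restricted to specific subnets, they also have to cover the remote spoke subnet.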



  • 3.  RE: VPN IPSEC Routing

    Posted Mar 05, 2019 11:50 PM
    Hi, I hope VPNs are already configured between the devices (A to B and B to C). As per your post, a VPN between A and C is not possible. No issue:

    Fortigate A Changes:
    Add the Fortigate C subnet to the existing VPN (A to B) Phase 2 configuration as the Destination network, add a route, and add the subnet to the Firewall Policy as well.

    Fortigate B Changes:
    Add the Fortigate C subnet to the existing VPN (A to B) Phase 2 configuration as the Source network, and add the subnet to the Firewall Policy as well.
    Add the Fortigate A subnet to the existing VPN (B to C) Phase 2 configuration as the Source network, and add the subnet to the Firewall Policy as well.

    Add a 1st new Firewall Policy to route traffic VPN to VPN (Source Network: A site subnet, Destination Subnet: C site subnet)
    Add a 2nd new Firewall Policy to route traffic VPN to VPN (Source Network: C site subnet, Destination Subnet: A site subnet)

    Fortigate C Changes:
    Add the Fortigate A subnet to the existing VPN (B to C) Phase 2 configuration as the Destination network, add a route, and add the subnet to the Firewall Policy as well.

    I hope it will work without any issue.


    ------------------------------
    Deepak Kumar
    First Option General Trading LLC
    Dubai
    ------------------------------