![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Private Citizen
Gawd
- Joined
- Mar 15, 2002
- Messages
- 782
The title should've read:
Setup routing between two seperate sites:
Hey guys. I've got this issue that I've really gone in circles with. I'm about to pull out my hair.
If anyone has any advice on the issue below I would greatly appreciate.
Currently I have a IPSEC VPN connection setup between site1 and site2. Everything works fine 98% of the time however it does eat up some bandwidth on our main line and we do have a dedicated Point to Point line we pay for (P2P). The current setup can be seen in the first graphic.
My goal is to connect site1 and site2 together using the 2Mb dedicated line we pay for from our ISP. I initially tired to setup this connection however something was wrong with my config and I couldn't get it to work on that day and I shelved it until I could get the time to revisit which is now. I basically need to connect both LAN together since all the servers are at site2. The graphic below illustrates what the connection will look like in the end with the P2P line in use.
Basically my initial config for the site to site P2P connection was the following.
Site1 - FG-110C:
Port1 = LAN (192.168.7.1)
Port2 = P2P Connection (192.168.9.2)
Port3 = INTERNET
Site2 = FG-300A:
Port1 = LAN (192.168.0.1)
Port2 = P2P Connection (192.168.9.1)
Port3= INTERNET
Then I created a policy on each Fortigate that said Port1 to Port2 Allow ANY and Port2 to Port1 Allow ANY. I also needed to setup a static route but cannot remember what I put. I feel the problem is in the static route setting. Does anyone have any advice on the config? I setup multiple variations of the config but I never could get the connection to work between the two sites. I cannot ping PORT2=192.168.9.2 from site 1 let alone ping anything in the PORT1=192.168.0.0 network.
Going by what the setup is does anyone have a reccomendation on what the static routes would look like on both ends. I've tried many combinations with no success. Like I typed above, I have already created the appropriate firewall policies to allow traffic between the two ports, I just need to get the routing worked out.
=================================================================
Just a side note; the P2P line does work indeed. If I take both ends of the P2P connection and plug them into one of the LAN switches on both ends, traffic flows. So the P2P connection does work. I've also connected a laptop at site1 directly to the ONT on the wall in the P2P port and I can ping site 2's PORT2 interface and then added a static route on the laptop and I can ping the PORT1=192.168.0.0 also. Just cannot do it with both firewalls connected.
Setup routing between two seperate sites:
Hey guys. I've got this issue that I've really gone in circles with. I'm about to pull out my hair.
If anyone has any advice on the issue below I would greatly appreciate.Currently I have a IPSEC VPN connection setup between site1 and site2. Everything works fine 98% of the time however it does eat up some bandwidth on our main line and we do have a dedicated Point to Point line we pay for (P2P). The current setup can be seen in the first graphic.
My goal is to connect site1 and site2 together using the 2Mb dedicated line we pay for from our ISP. I initially tired to setup this connection however something was wrong with my config and I couldn't get it to work on that day and I shelved it until I could get the time to revisit which is now. I basically need to connect both LAN together since all the servers are at site2. The graphic below illustrates what the connection will look like in the end with the P2P line in use.
Basically my initial config for the site to site P2P connection was the following.
Site1 - FG-110C:
Port1 = LAN (192.168.7.1)
Port2 = P2P Connection (192.168.9.2)
Port3 = INTERNET
Site2 = FG-300A:
Port1 = LAN (192.168.0.1)
Port2 = P2P Connection (192.168.9.1)
Port3= INTERNET
Then I created a policy on each Fortigate that said Port1 to Port2 Allow ANY and Port2 to Port1 Allow ANY. I also needed to setup a static route but cannot remember what I put. I feel the problem is in the static route setting. Does anyone have any advice on the config? I setup multiple variations of the config but I never could get the connection to work between the two sites. I cannot ping PORT2=192.168.9.2 from site 1 let alone ping anything in the PORT1=192.168.0.0 network.
Going by what the setup is does anyone have a reccomendation on what the static routes would look like on both ends. I've tried many combinations with no success. Like I typed above, I have already created the appropriate firewall policies to allow traffic between the two ports, I just need to get the routing worked out.
=================================================================
Just a side note; the P2P line does work indeed. If I take both ends of the P2P connection and plug them into one of the LAN switches on both ends, traffic flows. So the P2P connection does work. I've also connected a laptop at site1 directly to the ONT on the wall in the P2P port and I can ping site 2's PORT2 interface and then added a static route on the laptop and I can ping the PORT1=192.168.0.0 also. Just cannot do it with both firewalls connected.
Last edited: