VPN IPsec Dialup Fortigate
Publicado: 24 Dic 2021, 02:38
Hola foro!
Espero se encuentren bien.
Tengo una VPN entre dos sitios funcionando perfectamente, sin embargo ahora me he enfrentado a un requerimiento más...
La VPN original va:
Site 1
192.168.10.0/24 (Fortigate detras de un revendedor de Internet, es decir detrás de un router NAT)
Site 2
192.168.1.0/24 (Fortigate con IP Publica)
El detalle que ahora se habilitó otra interface para una red distinta 192.168.15.0/24 y se requiere la conexión de esas tres redes...
Aquí el detalle de configuraciones del Sitio 1:
config firewall address
edit "all"
next
edit "SSLVPN_TUNNEL_ADDR1"
set type iprange
set end-ip 10.212.134.210
set start-ip 10.212.134.200
next
edit "vpn_local"
set subnet 192.168.10.0 255.255.255.0
next
edit "vpn_remoto"
set subnet 192.168.1.0 255.255.255.0
next
edit "Local2"
set subnet 192.168.15.0 255.255.255.0
next
edit "Local"
set subnet 192.168.10.0 255.255.255.0
next
end
config vpn ipsec phase1-interface
edit "f1_Site2"
set interface "wan1"
set proposal 3des-sha1
set remote-gw 200.188.X.Y
set psksecret ENC *******************
next
end
config vpn ipsec phase2-interface
edit "f2_Site2"
set dst-addr-type name
set keepalive enable
set phase1name "f1_Site2"
set proposal 3des-sha1
set replay disable
set src-addr-type name
set dst-name "vpn_remoto"
set keylifeseconds 86400
set src-name "vpn_local"
next
end
config firewall policy
edit 1
set srcintf "internal"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set nat enable
next
edit 2
set srcintf "f1_Site2"
set dstintf "internal"
set srcaddr "vpn_remoto"
set dstaddr "vpn_local"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
next
edit 3
set srcintf "internal"
set dstintf "f1_Site2"
set srcaddr "vpn_local"
set dstaddr "vpn_remoto"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
next
edit 4
set srcintf "internal"
set dstintf "wan2"
set srcaddr "Local"
set dstaddr "Local2"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
set nat enable
next
end
config router static
edit 1
set device "f1_Site2"
set dst 192.168.1.0 255.255.255.0
next
end
Espero se encuentren bien.
Tengo una VPN entre dos sitios funcionando perfectamente, sin embargo ahora me he enfrentado a un requerimiento más...
La VPN original va:
Site 1
192.168.10.0/24 (Fortigate detras de un revendedor de Internet, es decir detrás de un router NAT)
Site 2
192.168.1.0/24 (Fortigate con IP Publica)
El detalle que ahora se habilitó otra interface para una red distinta 192.168.15.0/24 y se requiere la conexión de esas tres redes...
Aquí el detalle de configuraciones del Sitio 1:
config firewall address
edit "all"
next
edit "SSLVPN_TUNNEL_ADDR1"
set type iprange
set end-ip 10.212.134.210
set start-ip 10.212.134.200
next
edit "vpn_local"
set subnet 192.168.10.0 255.255.255.0
next
edit "vpn_remoto"
set subnet 192.168.1.0 255.255.255.0
next
edit "Local2"
set subnet 192.168.15.0 255.255.255.0
next
edit "Local"
set subnet 192.168.10.0 255.255.255.0
next
end
config vpn ipsec phase1-interface
edit "f1_Site2"
set interface "wan1"
set proposal 3des-sha1
set remote-gw 200.188.X.Y
set psksecret ENC *******************
next
end
config vpn ipsec phase2-interface
edit "f2_Site2"
set dst-addr-type name
set keepalive enable
set phase1name "f1_Site2"
set proposal 3des-sha1
set replay disable
set src-addr-type name
set dst-name "vpn_remoto"
set keylifeseconds 86400
set src-name "vpn_local"
next
end
config firewall policy
edit 1
set srcintf "internal"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set nat enable
next
edit 2
set srcintf "f1_Site2"
set dstintf "internal"
set srcaddr "vpn_remoto"
set dstaddr "vpn_local"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
next
edit 3
set srcintf "internal"
set dstintf "f1_Site2"
set srcaddr "vpn_local"
set dstaddr "vpn_remoto"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
next
edit 4
set srcintf "internal"
set dstintf "wan2"
set srcaddr "Local"
set dstaddr "Local2"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
set nat enable
next
end
config router static
edit 1
set device "f1_Site2"
set dst 192.168.1.0 255.255.255.0
next
end