1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiGate-7060E
  6. Handbook

Example Multiple Subnet Ipsec Vpn Phase 2 Configuration - Fortinet FortiGate-7060E Handbook

Fortios
Hide thumbs Also See for FortiGate-7060E:
Table of Contents

Advertisement

IPsec VPN
set dst-subnet 172.16.2.0 255.255.255.0
end

Example multiple subnet IPsec VPN Phase 2 configuration

In a more complex configuration, such as the one below with a total of 5 subnets you still need to add all of the
subnets to the Phase 2 configuration. In this case you can create a firewall address for each subnet and the
addresses to address groups and add the address groups to the Phase 2 configuration.
Enter the following commands to create firewall addresses for each subnet.
config firewall address
edit "local_subnet_1"
set subnet 4.2.1.0 255.255.255.0
next
edit "local_subnet_2"
set subnet 4.2.2.0 255.255.255.0
next
edit "remote_subnet_3"
set subnet 4.2.3.0 255.255.255.0
next
edit "remote_subnet_4"
set subnet 4.2.4.0 255.255.255.0
next
edit "remote_subnet_5"
set subnet 4.2.5.0 255.255.255.0
end
And then put the five firewall addresses into two firewall address groups.
config firewall addrgrp
edit "local_group"
set member "local_subnet_1" "local_subnet_2"
next
edit "remote_group"
set member "remote_subnet_3" "remote_subnet_4" "remote_subnet_5"
end
Now, use the firewall address groups in the Phase 2 configuration:
FortiGate-7000
Fortinet Technologies Inc.
Adding source and destination subnets to IPsec VPN phase 2 configurations
52

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FortiGate-7060E

Related Content for Fortinet FortiGate-7060E

This manual is also suitable for:

Fortigate-7000Fortigate-7904eFortigate-7901eFortigate-7040eFortigate-7030eFortigate-7910e ... Show all

Table of Contents