Channel: ScreenOS Firewalls (NOT SRX) topics

Configuring route-based VPN on 2 sites but failed to access server on the same subnet


 

Hello Contributor/Expert and all members,

 

I have a weird incident with my VPN configuration. I would appreciate it if someone could contribute some knowledge and expertise.

 

The scenario is: 

 

- Server in HQ needs to be connected to the other site, i.e. site A

- HQ network protected by Fortinet 200b

- Since the SSG20 VPN cannot be configured behind the firewall, I've bypassed the firewall by configuring another IP from the main router (connected to the ISP network)

- Now the SSG is connected from the main router and I've configured a static IP in the Untrust zone (eth0)

- For Bgroup0 (bonded with eth2,3,4) - I've assigned the same subnet IP used by the server environment, i.e. 10.10.10.x/24

- The actual network for the servers is connected to the network in the Fortinet (GW 10.10.10.254/24)

- The reason I'm using the same subnet as the network in the Fortinet is to ensure the network in the SSG can reach the server environment

- The same network IP in the bgroup didn't solve the problem, so I plugged a cable into eth4 (same bgroup) and connected it to the switch which connects to the server network, and now the connection is established (both sites can ping each other)

- The last step is to create the VPN to site B

- From the SSG, I can ping the server, i.e. 1.1.2.1/24, and the gateway at the Fortinet, 1.1.2.254/24

 

At site B

 

- Dynamic IP (configured at Eth0) - untrust

- 10.10.20.254/24 assigned to bgroup

- VPN created to Site A

 

The VPN objective is to ensure a computer at site B can access the server at site A. Once the VPN was created, Site A bgroup (trust) IP 10.10.10.254 can ping Site B (trust) 10.10.20.254, which means the VPN is established between both sites. But the weird thing is that Site B cannot reach the server at Site A, although Site B can reach the SSG.

 

My thoughts: if the networks are in the same subnet and environment, they are supposed to be able to reach each other. Or is it not possible to join the network from the Fortinet and use the same IP configured in the SSG?

 

I appreciate your advice and contribution.

 

Regards,

 

 

 

