
We have 2 offices, each with its own internet connection. We also have a leased line/LAN extension provided by the ISP at each location. The way this works is that the ISP provided us with a Cisco ME-1200 at each site; Port 1 is for the LAN extension, Port 2 is for the internet.

I want to connect both of the offices using the LAN extension. Office1 has network 192.168.23.0/24 and Office2 has network 192.168.22.0/24.

I have a FortiGate 51E firewall/router as the gateway for both offices. I have the LAN extension plugged into LAN5 of each FortiGate and assigned the LAN5 interface of both firewalls to the same network, with different IPs: Office1 192.168.100.1/30 and Office2 192.168.100.2/30. I have NAT turned off for these connections. Having NAT on made it worse; I wasn't able to ping the remote gateways.

I have also set up static routes on each router for 192.168.22.0/24 and 192.168.23.0/24 traffic to push the traffic to the correct gateway.

I've also set up IPv4 policies to allow the traffic over the interfaces.

So far I am only able to ping the gateway of each network, but I cannot get traffic to go beyond that to other hosts on the other office's LAN.

Network topology: (screenshot)

FortiGate Office1 LAN5 Interface: (screenshot)

FortiGate Office2 LAN5 Interface: (screenshot)

FortiGate Office1 Static Routes: (screenshot)

FortiGate Office2 Static Routes: (screenshot)

FortiGate Office1 IPv4 Policies: (screenshot)

FortiGate Office2 IPv4 Policies: (screenshot)

qroberts
  • Which FortiGate unit are the screenshots from? Show us the routing table from both FortiGate units. – joeqwerty Jun 15 '18 at 17:53
  • Did you add the static route for 192.168.22.0/24? It shouldn't be there. Directly connected networks have a dynamically created route already. That's why it says type "connected" below that. Not sure if it's a problem, but it's a start. – Appleoddity Jun 15 '18 at 18:10
  • @joeqwerty I updated the screenshots to show the configs for both FortiGates. Appleoddity, I did add that route during troubleshooting; I will remove it and see what happens. – qroberts Jun 15 '18 at 18:13
  • @Appleoddity I removed those routes; still no traffic going beyond the other office gateway. – qroberts Jun 15 '18 at 18:34
  • Ok, I'm having a little trouble putting together a complete picture here. But, if you've removed that erroneous static route on both units, you also need to disable NAT in the IPv4 policies on #1. There shouldn't be any NATting going on over the transit network. I say I'm having trouble because I really can't see the names of things, nor do I know the network addresses that are represented by the names in your IPv4 policies. – Appleoddity Jun 15 '18 at 19:00
  • @qroberts Hi, were you able to sort out this issue? Because I'm stuck where you were. Can't get any traffic beyond the gateway. – Jo EL May 17 '21 at 11:46
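As an added example (not from the original post or from any of the commenters), this is the FortiOS CLI form of the setup the question describes, shown for the Office1 unit, followed by the CLI checks that tell you whether packets actually leave LAN5 and whether a reply ever comes back. The interface names "lan" and "lan5", the policy IDs, and the test host 192.168.22.10 are assumptions; the Office2 unit mirrors this with the two subnets and the next-hop swapped. The lines starting with # are explanatory comments, not part of the configuration.

```text
# Office1 FortiGate: transit interface on the LAN extension (/30 to Office2)
config system interface
    edit "lan5"
        set ip 192.168.100.1 255.255.255.252
        set allowaccess ping
    next
end

# Only the REMOTE LAN needs a static route; 192.168.100.0/30 is already a
# "connected" route, so do not add a static for it.
config router static
    edit 1
        set dst 192.168.22.0 255.255.255.0
        set gateway 192.168.100.2
        set device "lan5"
    next
end

# Policies in both directions, with NAT disabled: the hosts in the two LANs
# must see each other's real addresses across the transit link. The reverse
# policy (lan5 -> lan) is what lets Office2 hosts reach Office1 hosts and is
# not exercised at all by pinging the lan5 address itself.
config firewall policy
    edit 10
        set name "office1-to-office2"
        set srcintf "lan"
        set dstintf "lan5"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 11
        set name "office2-to-office1"
        set srcintf "lan5"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end

# --- Checks, run on the Office1 CLI ---

# 1. The route to the remote LAN must be installed (S = static) via lan5.
get router info routing-table all

# 2. Ping a remote HOST sourced from the LAN-side address, so the packet takes
#    the same policy/route path a LAN host would. Pinging from the lan5 address
#    only proves the /30 works, which the question already established.
execute ping-options source 192.168.23.1
execute ping 192.168.22.10

# 3. Watch lan5 while the ping runs: does the request leave, does a reply return?
diagnose sniffer packet lan5 'host 192.168.22.10' 4

# 4. Ask the firewall which route and policy it picked (or why it dropped it).
diagnose debug flow filter addr 192.168.22.10
diagnose debug flow trace start 10
diagnose debug enable
```

Reading the checks: if the sniffer shows the echo request leaving lan5 but no reply arriving, the local unit is fine and the fault is on the far side (the Office2 lan5-to-lan policy, the remote host not using its FortiGate as default gateway, a host firewall, or the ME-1200 pair not passing the traffic); if the request never appears on lan5, the flow trace will name the missing route or the policy that denied it. Run the same checks from Office2 toward an Office1 host, since each direction is decided independently by each unit.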

0 Answers