SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IPsec VPN traffic from outside subnets

    Posted 02-28-2016 11:24

    Hello everyone, I would like to know if it's possible to connect local networks which aren't connected directly to the firewall. E.g.: we have one Juniper at our office and, on the other end, another firewall (a Fortigate) which makes an IPsec VPN to access our local subnet and for us to access the remote subnet protected on this IPsec connection. On the other end, at the Fortigate, there are other offices which connect to the firewall, but not on VPN (these remote sites are not IPsec-capable, being connected via dedicated/MPLS links), and I would like to know if their local networks can access the resources on our SRX end, but passing through the IPsec VPN connection via the Fortigate.

    IPSEC_SRX_FGT.jpeg

    Is that possible?

    Thanks!



  • 2.  RE: IPsec VPN traffic from outside subnets
    Best Answer

    Posted 02-28-2016 14:30

    Hello there,

    Short answer - yes it is possible.

    Long answer - it is possible; a route-based IPsec VPN with a routing protocol running through the tunnel is very much preferred in this scenario. If your chosen Fortigate model does not support a routing protocol via the IPsec VPN tunnel, then you could either use a GRE tunnel inside the IPsec VPN tunnel (GRE-over-IPsec for short), or use static routes.

    Thx

    Alex



  • 3.  RE: IPsec VPN traffic from outside subnets

    Posted 02-28-2016 18:35

    Thanks Alex! In the first instance, we are going to try static routing. Gotta try the GRE stuff if it doesn't work.
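
Added example, not part of the thread and not from any of the posters: a Junos set-command configuration for the static-route option mentioned in the answer, on an SRX whose IKE/IPsec VPN to the Fortigate is already defined. The VPN name FGT-VPN, the zone names, the policy names and every subnet are hypothetical placeholders.

```junos
# Constructed example; all names and addresses below are assumptions.
#   10.10.0.0/24               LAN behind the SRX
#   10.20.0.0/24               LAN directly behind the Fortigate
#   10.30.1.0/24, 10.30.2.0/24 MPLS offices reached through the Fortigate

# Tunnel interface, placed in its own security zone
set interfaces st0 unit 0 family inet
set security zones security-zone vpn interfaces st0.0

# Make the existing VPN route-based by binding it to the tunnel interface
set security ipsec vpn FGT-VPN bind-interface st0.0

# Static routes: the Fortigate LAN and each office behind it go into the tunnel
set routing-options static route 10.20.0.0/24 next-hop st0.0
set routing-options static route 10.30.1.0/24 next-hop st0.0
set routing-options static route 10.30.2.0/24 next-hop st0.0

# Address book: name each remote subnet so policies stay explicit
set security address-book global address SRX-LAN 10.10.0.0/24
set security address-book global address FGT-LAN 10.20.0.0/24
set security address-book global address OFFICE-1 10.30.1.0/24
set security address-book global address OFFICE-2 10.30.2.0/24
set security address-book global address-set REMOTE-SITES address FGT-LAN
set security address-book global address-set REMOTE-SITES address OFFICE-1
set security address-book global address-set REMOTE-SITES address OFFICE-2

# Inbound: only the listed remote subnets, only the listed service.
# junos-https is an example; list the services the offices actually need.
set security policies from-zone vpn to-zone trust policy remote-in match source-address REMOTE-SITES
set security policies from-zone vpn to-zone trust policy remote-in match destination-address SRX-LAN
set security policies from-zone vpn to-zone trust policy remote-in match application junos-https
set security policies from-zone vpn to-zone trust policy remote-in then permit
set security policies from-zone vpn to-zone trust policy remote-in then log session-close

# Outbound: SRX LAN towards the remote subnets
set security policies from-zone trust to-zone vpn policy remote-out match source-address SRX-LAN
set security policies from-zone trust to-zone vpn policy remote-out match destination-address REMOTE-SITES
set security policies from-zone trust to-zone vpn policy remote-out match application any
set security policies from-zone trust to-zone vpn policy remote-out then permit
```

The far side needs the mirror image: the MPLS offices must route the SRX LAN towards the Fortigate, and the Fortigate must route and permit that traffic into the tunnel. If the tunnel's phase 2 selectors (proxy identity) are narrower than 0.0.0.0/0, they must also cover the office subnets on both ends.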