Monday, January 18, 2021

Need help regarding site-to-site VPN and double NAT

Dear networking fellows, I had an issue with site-to-site VPN. My topology is:

staff2vlan < Switch(VLAN) < Mikrotik router(NAT) < Fortigate(DMZ, VPN, NAT, WAN, Site1) -------ISP-------- Mikrotik(WAN, NAT, Site2) > Switch > Server

- As per my research on Google, people recommend:

1/ to port forward IPsec from the Fortigate to the Mikrotik and do the VPN on the Mikrotik, but the issue is that the Fortigate already had a VPN to the DMZ (forwarding the port to the Mikrotik would cause an error on the existing VPN).

2/ and placing staff2vlan in direct connection to the Fortigate would work (because it is not double NAT), but this scenario seems risky, as it puts users on the DMZ.

So, is there any method to give staff2vlan access to the server on site2?


