[Openswan Users] I have solved problems with Fortigate site-to-site IPsec VPN tunnels and SAP Servers in Amazon AWS Cloud for a Company in Singapore on 27 Oct 2021 Wed
Turritopsis Dohrnii Teo En Ming
ceo.teo.en.ming at gmail.com
Sun Oct 31 10:19:03 UTC 2021

Good day from Singapore,

The situation is as follows.

Site-to-site IPsec VPN Tunnel 1 (SAP-VPN1) => Links Singapore Network
and SAP Production Server in Amazon AWS.

Site-to-site IPsec VPN Tunnel 2 (SAP-VPN2) => Links Singapore Network
and SAP Development Server in Amazon AWS.

Problem No. 1
=============

When the SAP vendor connected to the SSL VPN, they could not SSH into
the SAP Production and SAP Development servers.

My Solution
===========

Go to Fortigate 200D Firewall.

Click Policy & Objects > IPv4 Policy.

Inside the firewall rule "SSL-VPN tunnel interface (ssl.root) to
SAP-VPN1", add SSH under Service.

Inside the firewall rule "SSL-VPN tunnel interface (ssl.root) to
SAP-VPN2", add SSH under Service.

Problem No. 2
=============

When the SAP vendor tried to ping/access Singapore Server .16 from the
SAP Development Server, the connection failed.

My Solution
===========

My solution is to divert all traffic from Tunnel 2 to Tunnel 1, since
no traffic flows through Tunnel 2 at all.

Go to Fortigate 200D firewall.

Click VPN > IPsec Tunnels.

Expand Custom.

Click on the tunnel "SAP-VPN1".

Under Phase 2 Selectors, change Remote Address from
x.x.81.64/255.255.255.255 to x.x.81.0/255.255.255.0.

Click Network > Static Routes.

For the Destination: "SAP Production Server (.21 and .249)", it is
already using the tunnel interface SAP-VPN1. No need to change.

For the Destination: "SAP Development Server (.64 and .65)", change
the tunnel interface from SAP-VPN2 to SAP-VPN1.

This is to divert all traffic from Tunnel 2 to Tunnel 1.

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 31 Oct 2021,
is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant
with a Systems Integrator (SI)/computer firm in Singapore. He is an IT
enthusiast.
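
Added example, not part of the original post and not Fortinet or Openswan code: a check of which destinations from the post's static routes fall inside the SAP-VPN1 Phase 2 remote selector before and after the change, how many extra addresses the /24 admits, and the narrowest selectors that would cover only the four servers. It assumes the selector quoted in the post is the only one on the tunnel; the 10.0 prefix is constructed because the post masks those octets as "x.x".

```python
import ipaddress

# Constructed prefix: the post masks the first two octets as "x.x", so 10.0 stands in.
PREFIX = "10.0.81."
# Destinations named in the post's static routes, all routed via SAP-VPN1 after the change.
HOSTS = {"SAP Production": [".21", ".249"], "SAP Development": [".64", ".65"]}
SELECTOR_BEFORE = PREFIX + "64/255.255.255.255"
SELECTOR_AFTER = PREFIX + "0/255.255.255.0"


def host_ips():
    """Return every destination from the static routes as an IPv4Address."""
    return [ipaddress.ip_address(PREFIX + h.lstrip("."))
            for group in HOSTS.values() for h in group]


def uncovered(selector):
    """Hosts routed into the tunnel that the Phase 2 remote selector does not match."""
    net = ipaddress.ip_network(selector)
    return [str(ip) for ip in host_ips() if ip not in net]


def excess(selector):
    """Addresses the selector admits beyond the hosts that need the tunnel."""
    net = ipaddress.ip_network(selector)
    needed = sum(1 for ip in host_ips() if ip in net)
    return net.num_addresses - needed


def tightest_selectors():
    """Smallest set of CIDR blocks covering exactly the routed hosts."""
    nets = [ipaddress.ip_network(f"{ip}/32") for ip in host_ips()]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for label, sel in (("before", SELECTOR_BEFORE), ("after", SELECTOR_AFTER)):
        print(label, sel, "uncovered:", uncovered(sel), "excess:", excess(sel))
    print("tightest:", tightest_selectors())
```

The same least-privilege view applies to the SSH service added to the two ssl.root policies: the policy's destination addresses can be limited to the server hosts rather than the whole selector range.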