I have solved problems with Fortigate site-to-site IPsec VPN tunnels and SAP Servers in Amazon AWS Cloud for a Company in Singapore on 27 Oct 2021 Wed



Good day from Singapore,


The situation is as follows.


Site-to-site IPsec VPN Tunnel 1 (SAP-VPN1) => Links Singapore Network and SAP Production Server in Amazon AWS.


Site-to-site IPsec VPN Tunnel 2 (SAP-VPN2) => Links Singapore Network and SAP Development Server in Amazon AWS.


Problem No. 1

==============


When the SAP vendor connected to the SSL VPN, they could not SSH into the SAP Production and SAP Development servers.


My Solution

============


Go to Fortigate 200D Firewall.


Click Policy & Objects > IPv4 Policy.


Inside the firewall rule "SSL-VPN tunnel interface (ssl.root) to SAP-VPN1", add SSH under Service.


Inside the firewall rule "SSL-VPN tunnel interface (ssl.root) to SAP-VPN2", add SSH under Service.


Problem No. 2

=============


When the SAP vendor tried to ping/access Singapore Server .16 from the SAP Development Server, the connection failed.


My Solution

============


My solution is to divert all traffic from Tunnel 2 to Tunnel 1, since no traffic flows through Tunnel 2 at all.


Go to Fortigate 200D firewall.


Click VPN > IPsec Tunnels


Expand Custom.


Click on the tunnel "SAP-VPN1".


Under Phase 2 Selectors, change Remote Address from x.x.81.64/255.255.255.255 to x.x.81.0/255.255.255.0.


Click Network > Static Routes


For the Destination: "SAP Production Server (.21 and .249)", it is already using the tunnel interface SAP-VPN1. No need to change.


For the Destination: "SAP Development Server (.64 and .65)", change the tunnel interface from SAP-VPN2 to SAP-VPN1.


This is to divert all traffic from Tunnel 2 to Tunnel 1.
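The following check is an added example, not part of the original post. It verifies that every static route pointed at a tunnel falls inside that tunnel's Phase 2 remote selector, and reports how many addresses the widened /24 selector admits beyond the routed SAP hosts. The 10.0 prefix is constructed to stand in for the redacted x.x octets, and the function names are hypothetical.

```python
import ipaddress

def uncovered_routes(selectors, routes):
    """Return (tunnel, destination) pairs whose destination lies outside
    every Phase 2 remote selector of the tunnel the route points at."""
    missing = []
    for dest, tunnel in routes:
        dest_net = ipaddress.ip_network(dest)
        nets = [ipaddress.ip_network(s) for s in selectors.get(tunnel, [])]
        if not any(dest_net.subnet_of(n) for n in nets):
            missing.append((tunnel, dest))
    return missing

def selector_slack(selectors, routes, tunnel):
    """Addresses the tunnel's selectors admit that no static route uses
    (assumes selectors do not overlap and routes do not overlap)."""
    nets = [ipaddress.ip_network(s) for s in selectors.get(tunnel, [])]
    admitted = sum(n.num_addresses for n in nets)
    routed = sum(
        ipaddress.ip_network(d).num_addresses
        for d, t in routes
        if t == tunnel and any(ipaddress.ip_network(d).subnet_of(n) for n in nets)
    )
    return admitted - routed

# Constructed sample data: "10.0" replaces the redacted "x.x" octets.
SELECTOR_BEFORE = {"SAP-VPN1": ["10.0.81.64/255.255.255.255"]}
SELECTOR_AFTER = {"SAP-VPN1": ["10.0.81.0/255.255.255.0"]}

# Static routes after the change: all four SAP hosts use SAP-VPN1.
ROUTES_AFTER = [
    ("10.0.81.21/32", "SAP-VPN1"),   # SAP Production
    ("10.0.81.249/32", "SAP-VPN1"),  # SAP Production
    ("10.0.81.64/32", "SAP-VPN1"),   # SAP Development
    ("10.0.81.65/32", "SAP-VPN1"),   # SAP Development
]

if __name__ == "__main__":
    print("old selector, new routes:", uncovered_routes(SELECTOR_BEFORE, ROUTES_AFTER))
    print("new selector, new routes:", uncovered_routes(SELECTOR_AFTER, ROUTES_AFTER))
    print("unused addresses admitted:", selector_slack(SELECTOR_AFTER, ROUTES_AFTER, "SAP-VPN1"))
```

The slack figure is the part to review: the /24 selector admits the whole subnet, so the firewall policies on the tunnel interface are what limit access to the four SAP hosts.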


Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 31 Oct 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a Systems Integrator (SI)/computer firm in Singapore. He is an IT enthusiast.




