Troubleshooting Tip: IPsec dial-up connection to a Loopback Interface using Virtual IP does not work
| Description | This article describes issues with using a loopback interface linked to a Virtual IP (VIP) for IPSec dial-up connections. |
| Scope | FortiGate. |
| Solution | Note: IPsec VPN remote access does not support loopback using virtual IP as of the moment. The connection may go up, but it will not allow traffic pass at all. It will also show esp_errors in the VPN event logs.
This article formerly described steps on how to configure a setup with IPSec VPN and a loopback interface accessible via Virtual IP. This setup does not work, and the steps were removed accordingly.
Working IPSec VPN examples with loopback interfaces (and no virtual IP) can be found here: Technical Tip: IPsec between 2 FortiGates using a loopback interface |