spanz
Visitor III
October 13, 2021
Question

IPSec VPN - Few Issues


Hello guys,

I own a 600E appliance if it is relevant.

I would like to know several things regarding the IPSEC VPN:

1. When running the IPSEC wizard, it generates rules that allow Remote_Subnet>Local_Subnet and Local_Subnet>Remote_Subnet.

My question is: if I delete these rules, will the tunnel go up when the other side configures the IPSEC VPN on his appliance?

Or maybe the FortiGate needs to have corresponding rules that allow traffic between the protected networks on both sides.

2. I configured an IPSEC VPN with a service provider, and for the protected networks, he told me to set up some public IP subnet, and not a private LAN subnet, so I configured his remote gateway with a public IP and his protected networks with a public IP range.

Can someone please explain why he would do this? I'm a little confused. Thanks for your help!

    1 reply

    Toshi_Esumi
    SuperUser
    October 13, 2021

    1. By default, if you don't specify any network selectors, it sets 0/0<->0/0 for both directions. You need to match the other end as well, then it should come up.

    2. Service providers often use public subnets to ensure the uniqueness of each customer's networks, or of their specific service networks against others. They're just IP subnets and are no different from private ranges for routing with IPsec.
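
The two points in the reply above, as an added example that is not part of the original thread: a pre-change check that each side's phase 2 selectors mirror the peer's (with the 0.0.0.0/0 default when none is set), and a check for overlapping protected subnets across a provider's customers. The function names, the exact-match assumption and all sample subnets are constructed for illustration.

```python
import ipaddress
from itertools import combinations

ANY = ipaddress.ip_network("0.0.0.0/0")  # selector used when none is configured

def selector(local=None, remote=None):
    """(local, remote) phase 2 selector; an unset side defaults to 0.0.0.0/0."""
    return tuple(ipaddress.ip_network(s) if s else ANY for s in (local, remote))

def mirror_mismatches(side_a, side_b):
    """Selectors with no mirrored counterpart on the peer.

    Assumption: exact matching, A's (local, remote) must equal B's (remote, local).
    """
    a = set(side_a)
    b_as_seen_by_a = {(remote, local) for (local, remote) in side_b}
    return {
        "only_on_a": sorted(a - b_as_seen_by_a),
        "only_on_b": sorted((loc, rem) for (rem, loc) in b_as_seen_by_a - a),
    }

def overlapping_customers(customers):
    """Pairs of customers whose protected subnets overlap at a shared gateway."""
    hits = []
    for (n1, nets1), (n2, nets2) in combinations(customers.items(), 2):
        for x in map(ipaddress.ip_network, nets1):
            for y in map(ipaddress.ip_network, nets2):
                if x.overlaps(y):
                    hits.append((n1, n2, str(x), str(y)))
    return hits

# Constructed sample data (documentation and RFC 1918 ranges, not from the thread).
FORTIGATE = [selector("192.168.1.0/24", "198.51.100.0/24")]
PROVIDER_MATCHED = [selector("198.51.100.0/24", "192.168.1.0/24")]
PROVIDER_DEFAULT = [selector()]  # peer left at 0/0<->0/0
CUSTOMERS = {
    "customer-a": ["192.168.1.0/24"],
    "customer-b": ["192.168.1.0/24", "10.0.0.0/8"],
    "provider-service": ["198.51.100.0/24"],
}

if __name__ == "__main__":
    print(mirror_mismatches(FORTIGATE, PROVIDER_MATCHED))   # nothing unmatched
    print(mirror_mismatches(FORTIGATE, PROVIDER_DEFAULT))   # both sides unmatched
    print(overlapping_customers(CUSTOMERS))                 # private ranges collide
```

Two customers using the same private range collide at the provider's gateway, while the provider's public service subnet overlaps with neither.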