wcbenyip
New Member
June 26, 2009
Question

IPSec VPN on secondary IP....

Hi,

We have a site-to-site VPN tunnel established between an FG300A and an FG60, and it has been working properly for a long time. Recently we wanted to test using the backup Internet connection on the FG300A (the external IP is configured as a secondary IP on its WAN1, the same interface as the primary IP).

What I need to do is create a new Auto Key (IKE) on the FG60 with the SAME settings as the old one for the FG300A BUT with a different remote gateway IP address, and then I switched the VPN tunnel name from OLD to NEW in the encrypt policy on the FG60 side. The site-to-site VPN tunnel was up for a while but I could not ping the host on the opposite side. After that the tunnel could not be established anymore.

In the log, msg #1-#3 are OK, but it just says there is a failure on the FG60 side. Does anyone have any idea? Thanks!

Did you try to make an IPSec VPN tunnel with a secondary IP? Is it possible?

    2 replies

    FlashOver
    New Member
    June 28, 2009
    The FortiGate will respond with its primary address. We had the same problem. You can fix it, I think, if you use the feature in phase1 or phase2 to define the interface. Then the FG will answer with the right IP and everything should work.
    wcbenyip
    Author
    New Member
    June 29, 2009
    Well, the point is I am already using the secondary IP as the VPN gateway in the other side's settings. It seems that we can't make it work with a secondary IP.
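
The thread separates two settings: the remote gateway address on the FG60, and the address the FG300A itself answers from. As an added example (not part of the original thread), the fragment below shows both sides, using the FortiOS phase 1 option `local-gw`, which sets a secondary IP of the selected interface as the local end of the tunnel. Tunnel names, addresses (documentation ranges) and the key placeholder are constructed, and availability of `local-gw` on the posters' firmware is an assumption.

```text
# FG300A side (constructed values): wan1 primary 203.0.113.2, secondary 203.0.113.10
config vpn ipsec phase1
    edit "to-fg60-backup"
        set interface "wan1"
        # Without local-gw the unit sources IKE from the primary address of wan1,
        # so the peer sees replies from an address it has no gateway defined for.
        set local-gw 203.0.113.10
        set remote-gw 198.51.100.20
        set psksecret <pre-shared-key-placeholder>
    next
end

# FG60 side (constructed values): the remote gateway must be the same secondary IP
config vpn ipsec phase1
    edit "to-fg300a-backup"
        set interface "wan1"
        set remote-gw 203.0.113.10
        set psksecret <pre-shared-key-placeholder>
    next
end
```

If only the FG60 `remote-gw` is changed, the two ends disagree about the FG300A's address, which matches the symptom described above: the first IKE messages pass and the negotiation then fails.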