gorn
New Member
July 5, 2021
Question

Layer-2 VPN with VxLAN over IPsec not working


https://kb.fortinet.com/kb/viewContent.do?externalId=FD40170&sliceId=1 - the settings were made according to this manual. On one side, the A FortiGate has a VLAN coming to the port; on the other side, the B FortiGate has a regular port where the traffic is untagged.

Why do I see the MAC address of the host network B on the VxLAN-IPsec interface, and not on port3? It seems to me that it does not work precisely because of this.

Expectation:

 

Real (00:50:56:01:05:32 - local_host[not_ok], 00:50:56:97:b5:05 - remote_host[ok]):

    gorn (Author)
    New Member
    July 6, 2021

    This is with the set intra-switch-policy explicit command and the firewall policy:

    hostA - b5:05 hostB - 05:32 

     

    This is without the command and policies:

    In my opinion, it looks more logical, but the MAC address does not go through the tunnel and it also does not work.