HS08
Visitor III
January 16, 2026
Question

VPN tunnel IP


On my FGT Hub I have a site-to-site VPN to Azure where the peer IP addresses are 20.184.16.72 and 52.148.92.8.

But why, when I execute get router info routing-table details 10.201.10.5, is the tunnel IP 1.1.1.1 and 52.163.73.175 (not 20.184.16.72 and 52.148.92.8)?

If I check the same routing table on my spoke, then the tunnel shows the right IP.

 

FW01 (Internet) # get router info routing-table details 10.201.10.5

Routing table for VRF=0

Routing entry for 10.201.0.0/16

Known via "static", distance 10, metric 0, best

* via AZURE-1 tunnel 1.1.1.1 vrf 0, tun_id

 

Routing entry for 10.201.0.0/16

Known via "bgp", distance 20, metric 0

Last update 00:00:59 ago

vrf 0 10.201.0.4 priority 1 (recursive via AZURE-2 tunnel 52.163.73.175)

1 reply

mpapisetty
Staff
January 18, 2026

Hi @HS08 ,

I would recommend you to have a look at this - https://docs.fortinet.com/document/fortigate/7.0.0/new-features/649094/dedicated-tunnel-id-for-ipsec-tunnels-7-0-1  - and see if the tunnel ID is being derived from any of the scenarios mentioned. 

 

Couple of key callouts - 

1. In general, tunnel IDs are assigned the IP address of the remote gateway. If multiple tunnels use the same gateway IP address, then a random IP address from the subnet 10.0.0.0/8 is assigned.

2. Although the remote gateway can be used as the tunnel ID, it does not equate to the actual IP of the next hop when it appears in the routing table.
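
The two callouts above can be turned into a quick check. The following is an added example, not code from either poster or from Fortinet: it parses the routing output shown in the question and reports how each tunnel ID relates to the configured peer. The tunnel-to-peer mapping is an assumption, since the thread does not say which peer belongs to which tunnel, and the function names and category labels are hypothetical.

```python
import ipaddress
import re

# Routing output from the question, blank lines removed.
SAMPLE_OUTPUT = """\
Routing entry for 10.201.0.0/16
Known via "static", distance 10, metric 0, best
* via AZURE-1 tunnel 1.1.1.1 vrf 0, tun_id
Routing entry for 10.201.0.0/16
Known via "bgp", distance 20, metric 0
vrf 0 10.201.0.4 priority 1 (recursive via AZURE-2 tunnel 52.163.73.175)
"""
# Assumption: the thread does not state which peer belongs to which tunnel.
CONFIGURED_REMOTE_GW = {"AZURE-1": "20.184.16.72", "AZURE-2": "52.148.92.8"}

ENTRY_RE = re.compile(r'^Routing entry for (\S+)')
SOURCE_RE = re.compile(r'^Known via "([^"]+)"')
TUNNEL_RE = re.compile(r'via (\S+) tunnel (\d{1,3}(?:\.\d{1,3}){3})')
# Pool the reply names for IDs of tunnels that share a gateway address.
RANDOM_POOL = ipaddress.ip_network("10.0.0.0/8")


def classify(tunnel, tunnel_id, remote_gws):
    """Describe how a tunnel ID relates to the configured remote gateway."""
    tid = ipaddress.ip_address(tunnel_id)
    gw = remote_gws.get(tunnel)
    if gw is not None and tid == ipaddress.ip_address(gw):
        return "matches-remote-gw"
    if tid in RANDOM_POOL:
        return "in-10/8-pool"
    # An identifier only: it need not be the peer or next-hop address.
    return "differs-from-remote-gw"


def audit(output, remote_gws):
    """Return (prefix, source, tunnel, tunnel_id, verdict) per tunnel line."""
    records, prefix, source = [], None, None
    for line in output.splitlines():
        line = line.strip()
        if m := ENTRY_RE.match(line):
            prefix, source = m.group(1), None
        elif m := SOURCE_RE.match(line):
            source = m.group(1)
        elif m := TUNNEL_RE.search(line):
            name, tid = m.groups()
            records.append((prefix, source, name, tid,
                            classify(name, tid, remote_gws)))
    return records


if __name__ == "__main__":
    for rec in audit(SAMPLE_OUTPUT, CONFIGURED_REMOTE_GW):
        print(*rec, sep="  ")
```

A "differs-from-remote-gw" result is not a fault on its own; it marks routes whose tunnel ID should be checked against the scenarios in the linked document rather than read as the peer address.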