FortiGate
hhasny (Staff)
Article Id 250815
Description

This article explains why the next hop of an IPsec site-to-site VPN route is shown as an address from the 10.0.0.0/8 range when two tunnels are configured with the same remote gateway IP address.
Scope

FortiOS 7.0.1

Solution

When two IPsec VPN tunnels are configured with the same remote gateway IP, the routing table shows the next hop of one of them as an address from the 10.0.0.0/8 range instead of the remote gateway IP.

[Screenshot: IPSEC Gateway.PNG, both phase1 interfaces use the same remote gateway]

In this example, the route 10.193.0.0/20 is reachable over Tunnel_01 and Tunnel_02, and both tunnels point at the same remote gateway.

[Screenshot: static route to 10.193.0.0/20 over Tunnel_01 and Tunnel_02]

In the routing table, the route via Tunnel_01 has next hop 10.47.19.80 and the route via Tunnel_02 has next hop 10.0.0.3.

Both addresses are tunnel IDs, not gateways that were configured or learned. FortiOS 7.0 assigns every IPsec tunnel a dedicated tunnel ID and displays it as the next hop of routes over that tunnel. A tunnel whose remote gateway IP is unique uses that IP as its tunnel ID (here Tunnel_01 with 10.47.19.80). A second tunnel to the same remote gateway would duplicate that ID, so it is given an automatically allocated ID from the 10.0.0.0/8 range instead (here Tunnel_02 with 10.0.0.3). This is expected behavior: the tunnel ID only identifies the tunnel in the routing table, and traffic is still sent through the tunnel interface. When an unfamiliar 10.x.x.x next hop appears, compare it with the remote-gw of the phase1 interfaces before treating it as a misconfiguration; it should not be added to address objects or used as a gateway anywhere else.

[Screenshot: tunnel_01_id.PNG]

[Screenshot: tunnel_02_id.PNG]
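The following CLI script reproduces the scenario above. It is an added example and not configuration from the article or from Fortinet; the interface name wan1, the pre-shared key placeholder, the proposal, the network-overlay/network-id settings used to keep the two IKEv2 tunnels distinct, and the routing-table output in the comments are assumed values built from the addresses in the article.

```fortios
# Added example, not part of the original article.
# Two IPsec phase1 interfaces with the same remote gateway 10.47.19.80.
# wan1, the PSK placeholder and the proposal are assumed lab values.
# network-overlay / network-id are assumed here as the usual way to let
# IKEv2 distinguish two tunnels to the same peer.
config vpn ipsec phase1-interface
    edit "Tunnel_01"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set network-overlay enable
        set network-id 1
        set proposal aes256-sha256
        set remote-gw 10.47.19.80
        set psksecret "<pre-shared-key>"
    next
    edit "Tunnel_02"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set network-overlay enable
        set network-id 2
        set proposal aes256-sha256
        set remote-gw 10.47.19.80
        set psksecret "<pre-shared-key>"
    next
end

config vpn ipsec phase2-interface
    edit "Tunnel_01_p2"
        set phase1name "Tunnel_01"
        set proposal aes256-sha256
    next
    edit "Tunnel_02_p2"
        set phase1name "Tunnel_02"
        set proposal aes256-sha256
    next
end

# Same destination over both tunnels, as in the article.
config router static
    edit 1
        set dst 10.193.0.0 255.255.240.0
        set device "Tunnel_01"
    next
    edit 2
        set dst 10.193.0.0 255.255.240.0
        set device "Tunnel_02"
    next
end

# Verification. The output below is constructed from the article's values,
# not captured from a device:
#   get router info routing-table all
#   S       10.193.0.0/20 [10/0] via Tunnel_01 tunnel 10.47.19.80, [1/0]
#                         [10/0] via Tunnel_02 tunnel 10.0.0.3, [1/0]
# 10.47.19.80 is the configured remote gateway reused as Tunnel_01's tunnel ID;
# 10.0.0.3 is the automatically allocated tunnel ID of Tunnel_02. To confirm
# that a 10.x.x.x next hop is a tunnel ID and not a stray gateway, compare it
# with the remote-gw values shown by:
#   show vpn ipsec phase1-interface
```

Only the auto-allocated ID changes between the two tunnels; everything else (destination, distance, priority) is identical, so both routes stay in the table and the tunnel ID is purely a label for the tunnel interface.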

Related document:

http://docs.fortinet.com/document/fortigate/7.0.0/new-features/649094/dedicated-tunnel-id-for-ipsec-...
