Description | This article describes a workaround for successfully backing up configurations on an Auvik server hosted across an IPsec tunnel. |
Scope | FortiOS, FortiGate, IPsec Tunnel, Auvik. |
Solution |
When an Auvik server is hosted across an IPsec tunnel behind a remote site, the local FortiGate uses the default tunnel (IPsec) interface to execute backup commands destined for the Auvik server behind the remote site.
When FTP traffic is sent over a site-to-site VPN, the FortiGate uses the egress interface's IP address as the source IP in the packets.
The IPsec tunnel interface is assigned 0.0.0.0/0.0.0.0 as its IP address (under Network -> Interfaces -> WAN -> IPsec tunnel), and the phase 2 selectors of the IPsec tunnel restrict the source and destination subnets in site-to-site VPNs, so packets with a source IP of 0.0.0.0 are denied.
To fix this issue, assign an IP address to the IPsec tunnel interface as described in the article: Configure IP address on an IPSec tunnel interface.
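The following added example (not Fortinet code) is a simplified model of the selector check described above, useful for validating a planned tunnel interface IP before applying it. The function names are hypothetical and all addresses and subnets are constructed sample values; the model goes one step beyond the text by also flagging an assigned IP that the phase 2 selectors do not cover.

```python
# Added example: simplified model of IPsec phase 2 selector matching for
# traffic the firewall itself originates (such as a config backup over FTP).
# All addresses and subnets are constructed sample values.
from ipaddress import ip_address, ip_network

UNASSIGNED = ip_address("0.0.0.0")  # tunnel interface with no IP configured


def selector_matches(src, dst, selectors):
    """True if (src, dst) falls inside any (local, remote) selector pair."""
    src, dst = ip_address(src), ip_address(dst)
    return any(
        src in ip_network(local) and dst in ip_network(remote)
        for local, remote in selectors
    )


def check_backup_path(tunnel_ip, server_ip, selectors):
    """Classify self-originated traffic sourced from the tunnel interface IP."""
    if selector_matches(tunnel_ip, server_ip, selectors):
        return "match"
    if ip_address(tunnel_ip) == UNASSIGNED:
        return "no-match: tunnel interface has no IP assigned"
    return "no-match: tunnel IP is outside the phase 2 selectors"


# Constructed site-to-site selectors: local LAN <-> remote LAN.
SELECTORS = [("10.1.0.0/24", "10.2.0.0/24")]
AUVIK_SERVER = "10.2.0.50"  # hypothetical address of the remote server

if __name__ == "__main__":
    for candidate in ("0.0.0.0", "10.1.0.254", "169.254.1.1"):
        result = check_backup_path(candidate, AUVIK_SERVER, SELECTORS)
        print(f"{candidate:>12} -> {result}")
```
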
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.