Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
spoojary
Staff
Staff

Created on ‎07-25-2025 09:37 AM Edited on ‎09-05-2025 01:29 AM By Community Manager

Article Id 403478

Troubleshooting Tip: IPsec dial-up connection to a Loopback Interface using Virtual IP does not work

Description This article describes issues with using a loopback interface linked to a Virtual IP (VIP) for IPSec dial-up connections.
Scope FortiGate.
Solution

Note: 

IPsec VPN remote access does not support loopback using virtual IP as of the moment. The connection may go up, but it will not allow traffic pass at all. It will also show esp_errors in the VPN event logs.

 

This article formerly described steps on how to configure a setup with IPSec VPN and a loopback interface accessible via Virtual IP. This setup does not work, and the steps were removed accordingly.

 

Working IPSec VPN examples with loopback interfaces (and no virtual IP) can be found here:
Technical Tip: Best practice when IPSec VPN is bound to loopback interface

Technical Tip: IPsec between 2 FortiGates using a loopback interface 
914
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.