IP address for ipsec tunnel
Is there any limit on the IP addresses that I can use for IPsec site-to-site tunnels from a Fortinet firewall to a 3rd-party firewall, like in AWS cloud?
Currently we have site-to-site IPsec using 172.xx.xx.xx/16, as our MPLS networks are all in the range 172.16.0.0 to 172.32.0.0/16.
Can we use an IP subnet out of this range?
Hi yeowkm99,
I don't see any reason why you couldn't subnet the range 172.x.x.x/16 for the IPsec tunnel.
Hi, there is no limit on the IP subnet range.
Make sure the quick mode selectors on both ends are the same.
Salon Raj Joshi
Any issues if I create IPsec tunnels to 2 different 3rd parties using the same subnets?
E.g. 172.25.0.0/16 source, 172.30.0.0/16 destination and 172.25.0.0/16 source, 172.28.0.0/16 destination, both with different WAN IP addresses.
Hi,
There will be no issue.
Else you can also use the VIP / IP pool concept.
refer:-
Salon Raj Joshi
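
Added example, not part of any post in this thread and not Fortinet code: a pre-deployment check of the two points raised above, that each end's quick mode selectors mirror the other's (one end's source is the other's destination) and that two tunnels sharing a source subnet have disjoint destinations. The tunnel names and function names are hypothetical; the subnets are the ones quoted in the thread.

```python
import ipaddress
from itertools import combinations


def selectors_mirror(local_end, remote_end):
    """True when the two ends' quick mode selectors are exact mirrors.

    Each argument is a (source subnet, destination subnet) pair as configured
    on that end of the tunnel.
    """
    l_src, l_dst = (ipaddress.ip_network(n) for n in local_end)
    r_src, r_dst = (ipaddress.ip_network(n) for n in remote_end)
    return l_src == r_dst and l_dst == r_src


def ambiguous_tunnels(tunnels):
    """Return name pairs whose selectors overlap in both source and destination.

    Sharing a source subnet is fine as long as the destinations are disjoint;
    a packet is ambiguous only when it could match both selector pairs.
    """
    clashes = []
    for (name_a, sel_a), (name_b, sel_b) in combinations(tunnels.items(), 2):
        src_a, dst_a = (ipaddress.ip_network(n) for n in sel_a)
        src_b, dst_b = (ipaddress.ip_network(n) for n in sel_b)
        if src_a.overlaps(src_b) and dst_a.overlaps(dst_b):
            clashes.append((name_a, name_b))
    return clashes


# Constructed sample data using the subnets from the thread; the tunnel
# names are hypothetical.
TUNNELS = {
    "to-partner-a": ("172.25.0.0/16", "172.30.0.0/16"),
    "to-partner-b": ("172.25.0.0/16", "172.28.0.0/16"),
}

if __name__ == "__main__":
    # Remote end configured as the mirror image of ours.
    print(selectors_mirror(TUNNELS["to-partner-a"], ("172.30.0.0/16", "172.25.0.0/16")))
    # Remote end narrowed its own side to a /24, so the selectors differ.
    print(selectors_mirror(TUNNELS["to-partner-a"], ("172.30.1.0/24", "172.25.0.0/16")))
    # Same source, disjoint destinations: no ambiguous pair.
    print(ambiguous_tunnels(TUNNELS))
```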
