spanz
New Contributor III

IPSec VPN - Few Issues

Hello guys,

I own a 600E appliance if it is relevant.

I would like to know several things regarding the IPSEC VPN:

 

1. When running the IPSEC wizard it does generate rules that allow Remote_Subnet>Local_Subnet and Local_Subnet>Remote_Subnet.

My question is: if I delete these rules, will the tunnel go up when the other side configures the IPSEC VPN on his appliance?

Or maybe the FortiGate needs to have corresponding rules that allow traffic between the protected networks on both sides?

 

2. I configured an IPSEC VPN with a service provider, and for the protected networks, he told me to set up a public IP subnet, and not a private LAN subnet, so I configured his remote gateway with a public IP and his protected networks with a public IP range.

Can someone please explain why he would do this? I'm a little confused. Thanks for your help!

 

Toshi_Esumi
SuperUser

1. By default, if you don't specify some network selectors, it sets 0/0<->0/0 for both directions. You need to match the other end as well, then it should come up.

2. Service providers often use public subnets to ensure the uniqueness of each customer's networks, or their specific service networks against others. They're just IP subnets and no different from private ranges for routing with IPsec.
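
The selector matching described in the reply above can be checked offline before both sides commit their phase 2 settings. This is an added example, not part of the thread and not Fortinet code: the subnets are constructed sample values, the function names are hypothetical, and flagging anything other than an exact mirror is an assumption, since some IKE implementations can negotiate narrower selectors.

```python
import ipaddress

DEFAULT = "0.0.0.0/0"  # what the reply says is used when no selector is specified

def selector(local=DEFAULT, remote=DEFAULT):
    """Phase 2 selector as a (local network, remote network) pair."""
    return ipaddress.ip_network(local), ipaddress.ip_network(remote)

def compare(ours, theirs):
    """Classify our selector against the mirror image of the peer's selector."""
    want_local, want_remote = theirs[1], theirs[0]  # peer's remote is our local
    have_local, have_remote = ours
    if (have_local, have_remote) == (want_local, want_remote):
        return "match"
    if have_local.subnet_of(want_local) and have_remote.subnet_of(want_remote):
        return "narrower than peer"
    if want_local.subnet_of(have_local) and want_remote.subnet_of(have_remote):
        return "wider than peer"
    return "mismatch"

# Constructed sample values: a private LAN behind the FortiGate and a
# documentation range standing in for the provider's public subnet.
LAN = "10.10.0.0/24"
PROVIDER_NET = "198.51.100.0/24"
PROVIDER = selector(local=PROVIDER_NET, remote=LAN)

# Candidate selectors for our side (hypothetical configurations).
CASES = {
    "no selectors specified": selector(),
    "explicit, mirrors provider": selector(local=LAN, remote=PROVIDER_NET),
    "explicit, wrong remote": selector(local=LAN, remote="192.168.50.0/24"),
}

def audit(cases=CASES, peer=PROVIDER):
    """Return a verdict per candidate selector against the peer's selector."""
    return {name: compare(sel, peer) for name, sel in cases.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:28} -> {verdict}")
```

The public range is handled exactly like the private one, which is the point of the second answer: the selector only cares that both ends describe the same pair of subnets.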
