Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
stxstephen
New Contributor

Created on ‎12-04-2013 08:53 PM

IPSec VPN Problem [Error: Remote IP must be set if IP is defined.]

Hello I have a problem with the IPSec VPN (Interface Mode) between 2 Fortigate Firewalls. Site A has FG 40C with 4.0 and site B has FG 110C with 5.0 version. All setup is completed except the network interface (System > Network > Interface). For FG40C in Site A, it has input field for remote ip (attached screenshot). But, FG 110C in site B, the screenshot showed that there is no remote ip input field. Also, completed the input and click Apply or OK. It shows the error message “Remote IP must be set if IP is defined.” Is there any location is provided the input field of remote ip for FG 110C verion 5? Thanks for any help.
Preview file
196 KB
8466
0 Kudos
5 REPLIES 5
ede_pfau
SuperUser
SuperUser

Created on ‎12-04-2013 11:43 PM

There' s probably a CLI only option to set the remote IP address in FOS 5.x. But aside from this, do you really need the IP addresses on the tunnel interfaces? All of my VPN tunnels run without tunnel interface IP' s. In the ' Interface' section, it' s not about the public IP address but the ' LAN' address of the tunnel interface. edit:
conf system interface
    edit mytunnel
       set remote-ip x.y.z.t
quoting the v5 CLI Reference, pg. 567: " Enter an IP address for the remote end of a tunnel interface. If you want to use dynamic routing with the tunnel, or be able to ping the tunnel interface, you must specify an address for the remote end of the tunnel in remote-ip and an address for this end of the tunnel in ip. This is only available if type is tunnel."
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
5374
0 Kudos
Maik
New Contributor II

Created on ‎12-05-2013 03:08 AM

i checked on a 800C with 5.0.3 200B with 5.0.4 310B with 5.0.5 In all 3 cases, the " remote IP" field is visible in the WebGui. I don' t have a 110C with OS5 by hand to check
5375
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎12-05-2013 04:03 AM

I would have been surprised if the Remote IP field was NOT in the GUI, as long as you can set the tunnel IP at all. Browser issue - cache cleared? Which exact version of FOS 5.x are we talking about?
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
5375
0 Kudos
stxstephen
New Contributor
In response to ede_pfau

Created on ‎12-11-2013 10:38 PM

It is 110C with 5.0.0. Cleared the browser cache, there is also no Remote IP field in the GUI. Hence, I setup VPN tunnel without tunnel interface IP' s. It works. BTW, thanks all for your help.
5375
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎12-11-2013 11:40 PM

Glad it works now. 100% of my VPN tunnels are unumbered, and of course they work. So your solution is perfectly OK. BTW, I' d upgrade soon. Let' s put it like this, each 5.0 patch resolves a LOT of issues. Currently at 5.0.5.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
5376
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.