wcbenyip
New Contributor III

IPSec VPN on secondary IP....

Hi, We have a site-to-site VPN tunnel which is established by a FG300A & FG60 and it's been working properly for a long time. Recently we would like to test using the backup Internet connection on the FG300A (the external IP is configured as a secondary IP on its WAN1 - same interface as the primary IP). What I need to do is create a new Auto Key (IKE) on the FG60 with the SAME settings as the old one for the FG300A BUT with a different remote gateway IP address, and then I switched the VPN tunnel name from OLD to NEW in the encrypt policy at the FG60 side... the site-to-site VPN tunnel is up for a while but cannot ping the host on the opposite side... after that the tunnel cannot be established anymore... In the log, msg #1-#3 are OK but it just says there is a failure at the FG60 side... Does anyone have any idea? Thanks! Did you try to make the IPSec VPN tunnel with a secondary IP... is it possible??
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA
2 REPLIES
FlashOver
New Contributor

The FortiGate will respond with its primary address. We had the same problem. You can fix it - I think - if you use the feature in phase1 or phase2 to define the interface. So the FG will answer with the right IP and everything should work.
wcbenyip
New Contributor III

Well, the point is I am already using the secondary IP as the VPN gateway in the other side's settings... it seems that we can't make it work with a secondary IP...
Protect yourself~ http://www.secunia.com MBCS CEH FCNSA