Ipsec vpn from lan interface

torrington · ‎11-06-2019

Hello, I have two fortigate routers on two sites. Between the sites I have an antenna connection. I would like to create an ipsec vpn, but instead of using internet and wan interfaces, I would like to create the ipsec using the internal interface and create it inside this antenna connection. Is this possible? if yes, how can I achieve it?

Thanks.

Duncan · ‎11-06-2019

Your problem is standard and solvable but you don't want to create the tunnel on a LAN interface. Use a private WAN interface (create them if needed) on each FG and assign point-to-point addresses. You can use any standard LAN IP scheme that you are not using in your LAN. Make the network very small. Like /30 (255.255.255.252). Make sure they can ping each other then setup the IP tunnel over that private WAN.

View solution in original post

Duncan · ‎11-06-2019

Your problem is standard and solvable but you don't want to create the tunnel on a LAN interface. Use a private WAN interface (create them if needed) on each FG and assign point-to-point addresses. You can use any standard LAN IP scheme that you are not using in your LAN. Make the network very small. Like /30 (255.255.255.252). Make sure they can ping each other then setup the IP tunnel over that private WAN.

torrington · ‎11-06-2019

Duncan, can thank you enough. You save me. Works like a charm.

Thank you very much.

Ipsec vpn from lan interface

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website