Hello, I have two FortiGate routers on two sites. Between the sites I have an antenna connection. I would like to create an IPsec VPN, but instead of using the internet and WAN interfaces, I would like to create the IPsec using the internal interface and create it inside this antenna connection. Is this possible? If yes, how can I achieve it?
Thanks.
Your problem is standard and solvable, but you don't want to create the tunnel on a LAN interface. Use a private WAN interface (create them if needed) on each FG and assign point-to-point addresses. You can use any standard LAN IP scheme that you are not using in your LAN. Make the network very small, like /30 (255.255.255.252). Make sure they can ping each other, then set up the IP tunnel over that private WAN.
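The steps in the answer above, as an added example that is not part of the original post: a Python helper that picks a /30 not used in either LAN and renders matching FortiOS CLI for both peers, so that each side's `remote-gw` is the other side's link address. The pool `172.31.255.0/24`, the interface name `port3`, the tunnel names, the `aes256-sha256` proposal and the LAN subnets are assumptions for illustration, and `<PRE-SHARED-KEY>` is a placeholder.

```python
import ipaddress

def pick_p2p_subnet(in_use, pool="172.31.255.0/24"):
    """Return the first /30 in `pool` (assumed pool) overlapping nothing in `in_use`."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=30):
        if not any(cand.overlaps(u) for u in used):
            return cand
    raise ValueError("no free /30 left in pool")

def fortios_side(name, port, local, remote, mask):
    """Render FortiOS CLI for one peer: link interface plus phase1/phase2 bound to it."""
    return "\n".join([
        "config system interface",
        f'    edit "{port}"',
        "        set mode static",
        f"        set ip {local} {mask}",
        "        set allowaccess ping",  # lets the peers ping each other first
        "    next",
        "end",
        "config vpn ipsec phase1-interface",
        f'    edit "{name}"',
        f'        set interface "{port}"',  # tunnel rides the private link, not the WAN
        "        set ike-version 2",
        f"        set remote-gw {remote}",
        "        set proposal aes256-sha256",
        "        set psksecret <PRE-SHARED-KEY>",  # placeholder, same value on both peers
        "    next",
        "end",
        "config vpn ipsec phase2-interface",
        f'    edit "{name}-p2"',
        f'        set phase1name "{name}"',
        "        set proposal aes256-sha256",
        "    next",
        "end",
    ])

def build_pair(in_use, port_a="port3", port_b="port3"):
    """Return (link subnet, site A config, site B config); port names are assumed."""
    net = pick_p2p_subnet(in_use)
    a, b = net.hosts()  # a /30 has exactly two usable host addresses
    mask = str(net.netmask)
    return (net, fortios_side("to-site-b", port_a, a, b, mask),
            fortios_side("to-site-a", port_b, b, a, mask))

# Constructed sample input: subnets already in use across the two sites.
SAMPLE_IN_USE = ["192.168.1.0/24", "192.168.2.0/24", "172.31.255.0/30"]

if __name__ == "__main__":
    net, cfg_a, cfg_b = build_pair(SAMPLE_IN_USE)
    print(f"# link {net}\n# --- site A ---\n{cfg_a}\n# --- site B ---\n{cfg_b}")
```

Static routes to the remote LAN via the tunnel interface and firewall policies between the LAN and the tunnel are still required on each unit and are not generated here.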
Duncan, can't thank you enough. You saved me. Works like a charm.
Thank you very much.
Copyright 2025 Fortinet, Inc. All Rights Reserved.