Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gorn
New Contributor

Created on ‎07-05-2021 02:10 AM

Layer-2 VPN with VxLAN over IPsec not work

https://kb.fortinet.com/kb/viewContent.do?externalId=FD40170&sliceId=1 - the settings are made according to this manual. On one A-fortigate a vlan comes to the port, on the other side a B-fortigate with a regular port, where the traffic is untagged.

Why do I see the mac-address of the host network B on the VxLan-IPsec-interface, and not on the port3? It seems to me that it does not work precisely because of this.

Expectation:

 

Real [size="2"](00:50:56:01:05:32 - local_host[not_ok], 00:50:56:97:b5:05 - remote_host[ok])[/size]:

1844
0 Kudos
1 REPLY 1
gorn
New Contributor

Created on ‎07-06-2021 03:34 AM

This is with the set intra-switch-policy explicit command and the firewall policy:

hostA - b5:05 hostB - 05:32 

 

This is without command and policies:

In my opinion, it looks more logical, but the mac-address does not go through the tunnel and it also does not work.

1363
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.