toshiesumi wrote:

Regularly the gateway IP is the tunnel interface IP on the other end, while the destination IP can be anything behind it.

I understand, actually when i setup IPsec to AWS it works fine because the interface was setup with IP

when i setup site to site VPN the interface has no IP

IP is 0.0.0.0

Remote IP to 0.0.0.0

 

 

You should set interface IPs on both ends of the tunnel if both sides are interface mode/route-base IPSec. Otherwise you can't use features like link-monitor since the default route must be routing to the outside of the tunnel.

toshiesumi wrote:

You should set interface IPs on both ends of the tunnel if both sides are interface mode/route-base IPSec. Otherwise you can't use features like link-monitor since the default route must be routing to the outside of the tunnel.

I can set any ip I would like?

for Example 

FG A IPsec Interface

IP 169.254.50.150

Remote IP 169.254.40.150

FG B IPsec Interface

IP 169.254.40.150

Remote IP 169.254.50.150

It should work although I never used link-local addresses. Don't forget to put subnet mask 255.255.255.255 on the local IP. From 5.6, remote-ip also requires subnet mask.

toshiesumi wrote:

It should work although I never used link-local addresses. Don't forget to put subnet mask 255.255.255.255 on the local IP. From 5.6, remote-ip also requires subnet mask.

Hi

I setup everything Just the way i setup AWS Tunnels

with the Local and remote Its (AWS also use subnet 169.254.X.X for the link monitor)

but can't gate any indication of the Tunnel Status on Link Monitor (I know the tunnels are UP and traffic working correctly)

here is what i get on Link Monitor (compared to AWS Tunnels)