Hi
In many tutorials when configuring ipsec vpn via sd wan that the tunnel interface must have an IP address, so my question is what is the purpose of this IP address and if the sd wan can work without ?
THANKS
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The tunnel interface IP is used for the traffic originating from fortigate itself to travel on the tunnel.
Without that, this traffic would use the exit interface IP, which would be the WAN interface IP and it would not be able to go on the tunnel
The reason we do this in SD WAN is because fortigate is sending traffic for SLA or ping for checking if the link is still up
To allow all this traffic to go across the tunnel, we have to define tunnel interface IP and add it to the phase 2 selectors.
So now when Fortigate sends all this traffic on tunnel, it would use the tunnel interface IP.
Here are some articles which you can refer for more information:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Self-originating-traffic-over-IPSec-VPN-Fo...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-IPsec-VPN-with-SD-WAN/ta-p/20984...
The tunnel interface IP is used for the traffic originating from fortigate itself to travel on the tunnel.
Without that, this traffic would use the exit interface IP, which would be the WAN interface IP and it would not be able to go on the tunnel
The reason we do this in SD WAN is because fortigate is sending traffic for SLA or ping for checking if the link is still up
To allow all this traffic to go across the tunnel, we have to define tunnel interface IP and add it to the phase 2 selectors.
So now when Fortigate sends all this traffic on tunnel, it would use the tunnel interface IP.
Here are some articles which you can refer for more information:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Self-originating-traffic-over-IPSec-VPN-Fo...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-IPsec-VPN-with-SD-WAN/ta-p/20984...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.