2) Use the 'Remote IP' as the gateway IP address in the policy route.
# config system interface
edit "VPN01"
set vdom "root"
set ip 10.1.1.1 255.255.255.255
set type tunnel
set remote-ip 10.1.1.2 255.255.255.252
set interface "port1"
next
end
Note:
# config router policy
edit 1
set input-device "port3"
set src "VPN01_local"
set dst "VPN01_remote"
set gateway 10.1.1.2
set output-device "VPN01"
next
end
2019-12-27 16:03:02 id=20085 trace_id=148 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 172.16.1.1:1->192.168.1.1:2048) from port3. type=8, code=0, id=1, seq=87."
2019-12-27 16:03:02 id=20085 trace_id=148 func=init_ip_session_common line=5625 msg="allocate a new session-00975287"
2019-12-27 16:03:02 id=20085 trace_id=148 func=vf_ip_route_input_common line=2581 msg="Match policy routing id=1: to 192.168.1.1 via ifindex-50"
2019-12-27 16:03:02 id=20085 trace_id=148 func=vf_ip_route_input_common line=2596 msg="find a route: flag=04000000 gw-10.1.1.2 via VPN01"
2019-12-27 16:03:02 id=20085 trace_id=148 func=fw_forward_handler line=783 msg="Allowed by Policy-1:"
2019-12-27 16:03:02 id=20085 trace_id=148 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN01"
2019-12-27 16:03:03 id=20085 trace_id=148 func=esp_output4 line=904 msg="IPsec encrypt/auth"
2019-12-27 16:03:03 id=20085 trace_id=148 func=ipsec_output_finish line=622 msg="send to 10.104.7.80 via intf-wan1"