IPSEC "Block private networks from WAN"

Started by bazbaz, September 18, 2023, 12:04:46 PM

Last Edit: September 18, 2023, 12:07:11 PM by bazbaz
Hi,
I have an IPsec site-to-site VTI tunnel between an OPN and a Fortigate.

The VTI interface has 10.77.36.54 on FG's side, and 10.77.36.53 on OPN's side.

When I try to send something from FG to networks behind OPN, or to 10.77.36.53, I can see on the OPN firewall that packets are discarded because it sees them coming from the WAN interface, not from the IPsec:
"Block private networks from WAN1"
interface   vmx1
interface_name   WAN1

Why?


If this is a policy based tunnel, there is no separate interface. Packets are considered to come in via WAN.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)