Hi all,
Looking for some advice on an implementation we're scheduled to do this week.
Need to setup an IPsec tunnel to a 3rd party, the design that's been approved by the architecture team is using the remote public IP as a phase 2 selector with advice that no static routing is required on our side (i.e. we would normally point traffic destined to the remote end of the VPN to the VPN interface of our FW with a source subnet).
We're using a FGT. I suppose the question amounts to:
How will the routing work if there's no static route to direct the traffic? Does the FGT insert a route for the remote end of the tunnel by default on some level (haven't been able to see this in our routing tables for existing VPN's)?
Any advice much appreciated, happy to clarify anything I've under-explained too.
Cheers
No comments:
Post a Comment