Tunneling IPv6 through IPsec VPN

Tunneling IPv6 through IPsec VPN

A variation on the tunneling IPv6 through IPv4 is using an IPsec VPN tunnel between to FortiGate devices. FortiOS supports IPv6 over IPsec. In this sort of scenario, 2 networks using IPv6 behind FortiGate units are separated by the Internet, which uses IPv4. An IPsec VPN tunnel is created between the 2 FortiGate units and a tunnel is created over the IPv4 based Internet but the traffic in the tunnel is IPv6. This has the additional advantage of make the traffic secure as well.

For configuration information, see IPv6 IPsec VPN on page 1.

IPv6 support for GRE tunnels

You can use IPv6 addresses can be used at both ends of a GRE tunnel in the same way as with IPv4.

The configuration is similar to how you set up the tunnel for IPv4. However, when you configure the specific tunnel, you need to set the ip-version option to 6. This will enable IPv6-specific options for the tunnel.

CLI

config system gre-tunnel edit <name of tunnel> set ip-version 6 set remote-gw6 <IPv6 address of the remote gateway> set local-gw-6 <IPv6 address of the local gateway>

end

This entry was posted in Administration Guides, FortiGate on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.