Configuring a default route for VPN interface
All network traffic must have a static route that directs it to the proper destination. Without a route, traffic will not flow even if the security policies are configured properly. If your security policies allow bi-directional tunnel initiation, you may need to create a static route entry for each direction of VPN traffic.
To configure the route for a route-based VPN
1. On FortiGate_2, go to Router > Static > Static Routes and select Create New.
For low-end FortiGate units, go to System > Network > Routing and select Create New.
2. Enter the following information, and then select OK:
Destination IP / Mask    10.21.101.0/24
Device                   FGT2_to_FGT1_Tunnel
Gateway                  Leave as default: 0.0.0.0.
Distance (Advanced)      Leave this at its default.
If there are other routes on this FortiGate unit, you may need to set the distance on this route so the VPN traffic will use it as the default route. However, this normally happens by default because this route is typically a better match than the generic default route.
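The note on distance can be checked with a small route-lookup model. This is an added example, not Fortinet code: it models general IP route selection (longest prefix first, distance only as a tie-breaker) in simplified form. The interface names wan1 and port3 and all distance values are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple, Optional

class Route(NamedTuple):
    dst: ipaddress.IPv4Network
    device: str
    distance: int

def route(dst: str, device: str, distance: int = 10) -> Route:
    return Route(ipaddress.ip_network(dst), device, distance)

def lookup(table: List[Route], ip: str) -> Optional[Route]:
    """Return the route a packet to `ip` would take, or None if nothing matches."""
    addr = ipaddress.ip_address(ip)
    candidates = [r for r in table if addr in r.dst]
    if not candidates:
        return None
    # Longest prefix wins; distance only decides between equal prefixes.
    return min(candidates, key=lambda r: (-r.dst.prefixlen, r.distance))

def misses_tunnel(table: List[Route], ip: str, tunnel: str) -> bool:
    """True if traffic to `ip` would not leave through the VPN interface."""
    chosen = lookup(table, ip)
    return chosen is None or chosen.device != tunnel

TUNNEL = "FGT2_to_FGT1_Tunnel"          # device name from the procedure above
DEFAULT = route("0.0.0.0/0", "wan1")    # constructed generic default route
VPN = route("10.21.101.0/24", TUNNEL)   # route created in step 2
HOST = "10.21.101.50"                   # constructed host behind FortiGate_1

if __name__ == "__main__":
    cases = {
        "default route only": [DEFAULT],
        "VPN route with a higher distance than the default": [
            DEFAULT, route("10.21.101.0/24", TUNNEL, 20)],
        "competing /24 with a lower distance": [
            DEFAULT, VPN, route("10.21.101.0/24", "port3", 5)],
    }
    for name, table in cases.items():
        chosen = lookup(table, HOST)
        status = "MISSES TUNNEL" if misses_tunnel(table, HOST, TUNNEL) else "ok"
        print(f"{name}: {HOST} -> {chosen.device} [{status}]")
```

Only the third case, where another route covers the same /24, calls for adjusting the distance on the VPN route.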