Overview of IPv6 IPsec support
FortiOS supports route-based IPv6 IPsec, but not policy-based. This section describes how IPv6 IPsec support differs from IPv4 IPsec support. FortiOS 4.0 MR3 is IPv6 Ready Logo Program Phase 2 certified.
Where both the gateways and the protected networks use IPv6 addresses, sometimes called IPv6 over IPv6, you can create either an auto-keyed or manually-keyed VPN. You can combine IPv6 and IPv4 addressing in an auto-keyed VPN in the following ways:
IPv4 over IPv6 | The VPN gateways have IPv6 addresses. The protected networks have IPv4 addresses. The Phase 2 configurations at either end use IPv4 selectors. |
IPv6 over IPv4 | The VPN gateways have IPv4 addresses. The protected networks use IPv6 addresses. The Phase 2 configurations at either end use IPv6 selectors. |
Compared with IPv4 IPsec VPN functionality, there are some limitations:
• Except for IPv6 over IPv4, remote gateways with Dynamic DNS are not supported.
• Selectors cannot be firewall address names. Only IP address, address range and subnet are supported.
• Redundant IPv6 tunnels are not supported.