Description The following high level diagram illustrates the scenario: Solution - Establish an IPsec VPN tunnel between both FortiGates. It’s important to add the broadcast address 225.255.255.255 as a destination inside phase2 selectors: # config vpn ipsec phase1-interface- Configure Firewall Policies to allow multicast traffic through the IPsec tunnel: # config firewall policy- Add the needed static routes: # config router static- "Broadcast-forward" should be enabled on the interfaces: # config system interface - Configure Broadcast firewall address & policy: # config firewall multicast-address # config firewall multicast-policyThe same steps should be followed on site B - IPsec VPN configuration: # config vpn ipsec phase1-interface # config vpn ipsec phase2-interface- Firewall Policies: # config firewall policy- Static routing: # config router static- "Broadcast-forward" should be enabled on the interfaces: # config system interface - Configure Broadcast firewall address & policy: # config firewall multicast-address What type of VPN allows multicast and broadcast traffic over a secure site to site VPN?Generic Routing Encapsulation (GRE) is a VPN tunneling protocol used to encapsulate various network-layer protocols. The site-to-site protocol supports multicast and broadcast network traffic.
Which type of VPN has both layer 2 and Layer 3?MPLS is often called a provider-provisioned VPN and can support both Layer 3 and Layer 2 VPNs over an IP backbone. This article focuses on the Layer 3 VPNs. Layer 3 MPLS VPNs are based on RFC 2547 and 2547bis.
|