09-24-2013 03:37 PM - edited 02-21-2020 07:11 PM
Hi All
I have an issue whereby I'm trying to configure BGP over IPSEC. I'm able to bring up BGP over the IPSEC tunnel without any issues, however I'm unable to ping the remote subnet. I can't understand why; however, when I use a static route to point traffic through the tunnel, I'm able to ping the remote subnet. I would expect BGP to take care of the source and destination routing. I need this feature to be dynamic.
I know this would probably work with GRE tunnels, but why doesn't it work without?
Any ideas?
09-24-2013 07:49 PM
Hi,
Are you advertising both end subnets via BGP (network statements)? Do you see the routes being learned via BGP?
Post configs, if possible.
Thx
MS
09-25-2013 01:28 AM
Hi
We're advertising both ends within BGP. The basic setup is: we have a Fortinet firewall with a tunnel terminating on an ASA, with another Fortinet behind the ASA. BGP is running between both Fortinets, and the IPSEC tunnels terminate on the ASAs.
Traffic from the Fortinet doesn't route through the tunnel unless I put a static route in to point traffic down the tunnel. BGP should be taking care of this function.
Regards
Carl Williams
09-25-2013 08:46 AM
Hi Carl,
If I am correct, your setup is: Fortinet --> ASA <--Tunnel--> ASA --> Fortinet, with BGP between the 2 Fortinets. Is it EBGP/IBGP? Where do you need to add the static route? Is there any other routing protocol through which your systems are learning the same network with a lower admin distance? That may be one reason you need to add a static route.
Thx
MS