
BGP OVER IPSEC (BGP UP) Can't ping remote subnet

Carl Williams
Level 1

Hi All

I have an issue whereby I'm trying to configure BGP over IPSEC. I'm able to bring up BGP over the IPSEC tunnel without any issues; however, I'm unable to ping the remote subnet. Can't understand why; however, when I use a static route to point traffic through the tunnel, I'm able to ping the remote subnet. I would expect BGP to take care of the source and destination routing. I need this feature to be dynamic.

I know this would probably work with GRE tunnels, but why doesn't it work without?

Any ideas?

3 Replies

mvsheik123
Level 7

Hi,

Are you advertising both end subnets via BGP (network statements)? Do you see the routes being learned via BGP?

Post configs, if possible.

Thx

MS

Hi

We're advertising both ends within BGP. The basic setup is: we have a Fortinet firewall with a tunnel terminating on an ASA, with another Fortinet behind the ASA. BGP is running between both Fortinets, and the IPSEC tunnels terminate on the ASAs.

Traffic from the Fortinet doesn't route through the tunnel unless I put a static route in to point traffic down the tunnel. BGP should be taking care of this function.

regards

Carl Williams

Hi Carl,

If I am correct, your setup is: Fortinet --> ASA <--Tunnel--> ASA --> Fortinet, with BGP between the 2 Fortinets. Is it EBGP/IBGP? Where do you need to add the static route? Is there any other routing protocol through which your systems are learning the same network with a lower admin distance? That may be one reason you need to add the static route.

Thx

MS
