BGP OVER IPSEC (BGP UP) Can't ping remote subnet

Hi All

I have an issue whereby I'm trying to configure BGP over IPSEC. I'm able to bring up BGP over the IPSEC tunnel without any issues; however, I'm unable to ping the remote subnet. I can't understand why. However, when I use a static route to point traffic through the tunnel, I'm able to ping the remote subnet. I would expect BGP to take care of the source and destination routing; I need this feature to be dynamic.

I know this would probably work with GRE tunnels, but why doesn't it work without?

Any ideas?

3 REPLIES

Hi,

Are you advertising both end subnets via BGP (network statements)? Do you see the routes being learned via BGP?

Post configs, if possible.

Thx

MS

Hi

We're advertising both ends within BGP. The basic setup is: we have a Fortinet firewall with a tunnel terminating on an ASA, with another Fortinet behind the ASA. BGP is running between both Fortinets, and the IPSEC tunnels terminate on the ASAs.

Traffic from the Fortinet doesn't route through the tunnel unless I put a static route in to point traffic down the tunnel. BGP should be taking care of this function.

Regards

Carl Williams

Hi Carl,

If I am correct, your setup is: Fortinet --> ASA <--Tunnel--> ASA --> Fortinet, with BGP between the 2 Fortinets. Is it EBGP/IBGP? Where do you need to add the static route? Is there any other routing protocol through which your systems are learning the same network with a lower admin distance? That may be one reason you need to add the static route.

Thx

MS