ADVPN - IPSEC - BGP - Redistributing static routes

Hi, we set up an ADVPN Hub and Spoke network layout like this:

FOSSONE.drawio.png

Hub is Fortigate 3000F, Spoke is Fortigate 60F.

We configured BGP on Hub and Spoke (on the IPSEC Tunnel)

We noticed that "connected networks" of spoke are distributed correctly:

10.39.80.0/24 -> IPSEC TUNNEL

but the static route (10.172.6.1/32 -> 10.39.80.2) is distributed with the wrong "next hop".

On the Hub we got:

10.172.6.1/32 -> 10.39.80.2

instead we would

10.172.6.1/32 -> IPSEC TUNNEL

Any hints?

Best answer by pacionet

After some googling I found the solution: we set on the spoke:

set next-hop-self-rr enable

pacionetAuthorAnswer

New Member

After some googling I found the solution: we set on the spoke:

set next-hop-self-rr enable

Staff & Editor

Hello pacionet,

Thanks for sharing the solution and glad that you solved your issue :)

Jean-Philippe - Fortinet Community Team

Sign up