BGP Routes not arriving at Remote Site Fortigate

Question

Hi all,

I'm running 2 x VPNs between our HQ site (2 separate devices and two IPS's) and a remote site (Single FTG). Both VPN's are up and perfect. The Primary site runs eBGP and routes are being advertised in both directions (with an AD of 20). We are running iBGP on the secondary backup VPN so it will have a less preferential AD (of 200).

However, if I run "get router info routing-table database" on the remote site, I only see the eBGP routes. But on the HQ side, I get my AD 20 routes on one device and the AD 200 routes on the other

We dropped the Primary tunnel. The Secondary Backup one is up, BGP state is Established and HQ is learning the routes from the remote site, but the remote site will not learn the routes from the HQ.

On HQ, on the cli, i've typed "get router info bgp neighbor 192.168.x.x advertised-routes" and the routes I plan to advertise are in there. At the remote site, it has no BGP routes from the secondary HQ device.

Is there any other way of diagnosing as to what the issue might be ? It has me baffled

emnoc · Answer

yes I would 1st look at adv and recv per peer

e.g

get router info bgp neighbor 1.1.1.1 (advertised-routes|received prefix-filter|received-routes|routes)

Than you confirm route-table, the RIB is not always the best think to look at for the BGP routes learn but for what routes installed in the RIB., imho.

Query the neighbor HQ and RECV to see what you sent and what was received at the far end.

Ken Felix

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded