Muhammad_Atif_Jauhar
New Member
June 21, 2016
Question

Filter OSPF routes from specific Neighbor


Hi,

I have the following topology; all devices are in OSPF Area 0.

192.168.101.0/24 ------                 Port 1 ------ Port 1                    ------ 192.168.201.0/24
                         Fortigate HO   Port 2 ------ Port 2   Fortigate Remote
192.168.102.0/24 ------                 IPSec  ------ IPSec                     ------ 192.168.202.0/24

I have three neighborships between the two Fortigates, and ECMP is configured.

I have the following questions:

First question: Is there any option to filter the route (192.168.101.0/24) learned via IPSec at Fortigate Remote, so that all traffic for 192.168.101.0/24 will load balance between Port 1 and Port 2?

Second question: I am getting the route 192.168.101.0/24 at Remote learned from all three neighbors, and load balancing is configured between them. I want to pass traffic for 192.168.101.100/32 and 192.168.101.101/32 only over Port 1 and Port 2 and deny this traffic from passing through IPSec.

    1 reply

    Muhammad_Atif_Jauhar
    New Member
    June 22, 2016

    Hi,

    For the answer to the first question:

    I want to restrict one subnet from being advertised to/from the IPSec tunnel, but it should be advertised on the other links (Port1 and Port2).

    For the answer to the second question:

    Once I put in a policy to deny traffic via IPSec, it drops all my traffic from 192.168.201.0/24 and 192.168.202.0/24 to 192.168.101.100/32 and 192.168.101.101/32, though I have another policy which allows traffic via Port 1 and Port 2. Maybe this is because once traffic reaches the firewall, the next hop selected is the IPSec tunnel due to ECMP.

    Rafael_Rosseto
    New Member
    July 4, 2016

    Hello,

    Were you able to accomplish this?