Fortigate 6.2.7 GRE/IPSec tunnel symmetric path
Dear all,
I have a situation that I have found difficult to manage. Any help is very much appreciated.
I have a Fortigate 100F running FortiOS 6.2.7 that is used as the IPSec tunnel end-point in the HQ. The other ends of the IPSec tunnels are branch routers (third-party devices).
The HQ has two different Internet providers with their assigned IP addresses that are not routable between each other. In other words, IP addresses assigned by provider A are not routable via provider B and vice versa.
There is a need to establish two IPSec tunnels (Tunnel_A and Tunnel_B) from the branch toward the HQ Fortigate, where Tunnel_A at the branch router points to the HQ's provider A IP address (assigned on the Fortigate) and Tunnel_B to the HQ's provider B IP address (assigned on the Fortigate).
The default route points toward Provider A.
The problem arises when the Tunnel_B traffic from the branches points to Provider_B; however, the egress traffic from the Fortigate matches the default routing table and does not use the interface that it comes in on.
Any help is very much appreciated.
With regards
Behzad
