Priority and OSPF IPSEC Tunnels

Forum|Forum|16 years ago
November 18, 2009
4 replies
4245 views

Will the priority set in the static routes flow down and be used by the ipsec tunnels on those interfaces? In other words, would I be able to unset the cost from the ospf-interface secion for each interface so they are all set to 10 and rely on the priority set in the static route to determine how to route traffic? config router static edit 1 set device " wan1" set gateway 66.43.75.17 set priority 20 next edit 2 set device " wan2" set gateway 69.193.166.49 next config ospf-interface edit " Ny-Rgts-Paetec" set cost 20 set interface " Ny Rgts-Paetec" set network-type point-to-point next edit " Ny-Twc-Comcast" set cost 10 set interface " Ny Twc-Comcast" set network-type point-to-point next end

rwpatterson

New Member

I don' t believe the two are related. Port priority is independent of OSPF port cost. OSPF is based on number of hops.

A

Anonymous_UserAuthor

Contributor

Hello daronberg, Each routing protocol has got an admin distance (preference), that can be changed, which is not related to cost of an OSPF interface. That last one is used only for OSPF route selection (in case for example if 2 similar routes are received via 2 links). You will find more details about admin distance here : Technical Note : FortiGate IP route selection, and how to change the administrative distance (preference) of a routing protocol http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30086 Concerning priority on static routes, this applies to static routes only and the FortiGate uses that to decide which route will be used to effectively route traffic. Mode information about that here : Technical Note : Setting priority on static default routes to create a primary (preferred) and a secondary path http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30907 -J.

A

Anonymous_UserAuthor

Contributor

Thank You. I believe I am clear on the static route side. In a nutshell setting the priority on the static route only affects the static routes and has no bearing on any of the OSPF tunnels. On the OSPF side how would I adjust the weighting of the interface between two ospf tunnels. I would like to prioritize the routes so they use VPN Tunnel B instead of VPN Tunnel A. Can I do this without using Policy Routes? Diagram: Router A WAN 1 (ISP 1) Internet OSPF via VPN Tunnel A WAN 2 (ISP 2) Internet OSPF via VPN Tunnel B Router B WAN 1 (ISP 3) Internet OSPF via VPN Tunnel A WAN 2 (ISP 4) Internet OSPF via VPN Tunnel B

rwpatterson

New Member

From the CLI:

  config router ospf          config ospf-interface              edit " <OSPF_interface>"                   set cost xx (lower cost = higher priority)              next          end  end

A

Anonymous_UserAuthor

Contributor

Thats what I thought. See my config above. Unfortunately, it did not have the desired results. Traffic was still not consistently being directed over the proper tunnel. I read somewhere that depending what order the default routes where entered for wan1 and wan2 would govern priority for other routes that use the wan1 and wan2 physical interface. Not sure if that could be it.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded