Problem with VPN Backup with MPLS

Forum|Forum|7 years ago
May 27, 2019
1 reply
2671 views

Dear,, I have two drives with 80G Fortigates and one MPLS circuit and one dedicated data circuit. Before I had two data circuit in which vpns were closed between units 01 and 02, I never had problems with failover. We put the MPLS directly into the firewall interface 3 and configured a direct route with the other end of the MPLS as the gateway. It has been configured in the following way: MPLS Administrative Distance: 2 Priority: 1 VPN_01 Administrative Distance: 2 Priority: 2 Both are configured in the same way on both ends. But when the MPLS link goes down, I'm forced to run a Bring down and Bring up on VPN_01 to get it to communicate. Note: The VPN is UP, but only get to traffic when I do this maneuver. Does anyone know why this happens? Link Healh has been configured, and I can see in the logs that the MPLS route has been removed

Toshi_Esumi

SuperUser

When both are up (a while), can you get ping responses right away from the other end of VPN interface IP from (you need to ping from the local FGT)? This follows a connected route so doesn't go to MPLS side, but goes through the tunnel regarless of the priority difference. I'm guessing the tunnel goes down when no traffic continues a while.

Alexis_G

New Member

You need to configure IP SLA.

Look for Health check settings.

The theory is that the device is monitoring a remote IP, if this IP SLA is lost, the routing changes to the next priority static route.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded