New Member

Solved

SDWAN: IPsec Aggregation under NAT is not seen

Forum|Forum|1 year ago
September 13, 2024
3 replies
3527 views

Hello,

IPsec aggregation I/F is not seen when I try to input it as SDWAN member.

Here is my environment.

(wan1) --- NAT router1 --- (wan2)

FG1 FG2

(wan2) --- NAT router2 --- (wan2)

At FG1, as VPN tunnel, vpn1_1 and vpn1_2 are created

And AGGnat I/F is created as aggregation of the both.

At FG2, the situation is similar.

In VPN tunnel, AGGnat I/F is up. However, this I/F is not seen as SDWAN member.

How can I solve?

Any comments are appreciated.

Best answer by AEK

It looks fine.

Since it is functioning well, I think the red icon is just a cosmetic bug.

dbhavsar

Staff

Good day @HT_JDC ,

- Could you please confirm what firmware version you are using? Or can you try using the CLI?

HT_JDCAuthor

New Member

Hello DNB,

The version is v7.2.0.

I tried it by CLI, however, AGGnat I/F is not seen at "set members".

Thanks in advance for everyone's reply.

AEK

SuperUser

Check if it is already used in some policy or in other configuration.

AEK

HT_JDCAuthor

New Member

Hello AEK,

Thanks. That's the reason.

HT_JDCAuthor

New Member

Hello everyone,

Now it works. Although data communication works well between network device behind FG1 and FG2, FG2 (NAT outside) shows "red" sign.
キャプチャ3.PNG

Is it correct behavior?

BTW, FG1 (NAT inside) shows " green" sign.

Any comments are appreciated.

AEK

SuperUser

Hello

IPsec tunnel shows reg when it is down. It becomes green once it connects.

AEK

HT_JDCAuthor

New Member

Hello AEK,

Even after IPsec tunnel is established, it still shows "Red".

Data communication works behind 2 fortigate. Except "Red", everything is ok.

Is it kind of bug? (I do not know well.)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded