This article describes how to configure multiple VPN tunnels from the same ISP to the same remote peer ISP.
On BR-1, the HUB1-VPN1 and HUB1-VPN3 VPN tunnels both point to the same ISP at the Hub. The same goes for the Hub's VPN1 and VPN3 tunnels. Because of this, VPN3 at the Hub and HUB1-VPN3 at BR-1 do not come up.
Configure network-overlay on the VPN tunnels.
On the Hub:

# config vpn ipsec phase1-interface
    edit "VPN1"
        set network-overlay enable
        set network-id 1
    next
    edit "VPN3"
        set network-overlay enable
        set network-id 3
    next
end

On BR-1:

# config vpn ipsec phase1-interface
    edit "HUB1-VPN1"
        set network-overlay enable
        set network-id 1
    next
    edit "HUB1-VPN3"
        set network-overlay enable
        set network-id 3
    next
end
While specifying peer and local IDs can achieve the same result, network-overlay and network-id are required when configuring ADVPN with multiple Hubs, because a Hub fail-over may trigger the same shortcut between two Spokes.
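To find this condition before a tunnel fails to come up, the check below parses a saved phase1-interface block and reports tunnels that share a local interface and peer without each having its own network-id. It is an added example, not Fortinet code: the sample config, interface names and addresses are constructed, and it assumes each tunnel entry carries the `interface` and `remote-gw` settings, which the article's snippets omit.

```python
import re
from collections import defaultdict

# Constructed sample of a spoke's phase1-interface config (names and IPs are made up).
SAMPLE = '''
config vpn ipsec phase1-interface
    edit "HUB1-VPN1"
        set interface "wan1"
        set remote-gw 203.0.113.10
        set network-overlay enable
        set network-id 1
    next
    edit "HUB1-VPN3"
        set interface "wan1"
        set remote-gw 203.0.113.10
    next
    edit "HUB1-VPN2"
        set interface "wan2"
        set remote-gw 203.0.113.20
    next
end
'''

def parse_phase1(text):
    """Return {tunnel_name: {setting: value}} from a phase1-interface block."""
    tunnels, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = tunnels.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r'set\s+(\S+)\s+(.+)$', line)):
            current[m.group(1)] = m.group(2).strip('"')
    return tunnels

def find_collisions(text):
    """List tunnel groups that share interface + peer but lack unique network-ids."""
    groups = defaultdict(list)
    for name, cfg in parse_phase1(text).items():
        # Dial-up (dynamic) tunnels have no remote-gw; group them per interface.
        groups[(cfg.get("interface"), cfg.get("remote-gw", "dynamic"))].append((name, cfg))
    problems = []
    for key, members in groups.items():
        ids = [c.get("network-id") if c.get("network-overlay") == "enable" else None
               for _, c in members]
        if len(members) > 1 and (None in ids or len(set(ids)) != len(ids)):
            problems.append((key, sorted(n for n, _ in members)))
    return problems
```

Calling `find_collisions(SAMPLE)` reports the wan1 pair, because HUB1-VPN3 has no network-id; a duplicate network-id within a pair is reported the same way.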