Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rajamanickam
Contributor

ADVPN - Child Tunnel interface

Hello,

 

  I am having query on SDWAN ADVPN child tunnel interface sequence.

 

In my LAB topology I have 1 Hub and 3 Branches with internet underlays. We have necessary ADVPN configurations available in Hub and spoke branches

 

Scenario, We have VPN named as ADVPN

Branch 1 communicating to Branch 2 - This will form ADVPN child tunnel interface ADVPN_0 at both end (Branch1 and Branch2)

Branch 3 communicating to Branch 1 - This will form ADVPN child tunnel interface ADVPN_0 at Branch3 but since Branch1 already has ADVPN_0 (towards Branch2), at Branch 1 ADVPN_1 child tunnel interface will be created to Branch3..

 

Whether this scenario is ok ??.. I mean Branch 1 has ADVPN_1 child tunnel interface to Branch 3 while in reverse path Branch 3 has ADVPN_0 child tunnel interface towards Branch 1.. Having two different child tunnel interface at both end is ok or is it an issue?? Whether this will cause any route lookup failure in reverse path considering no interface available.. Please clarify

 

Regards

Raja

1 Solution
distillednetwork
New Contributor III

Yes, this is perfectly normal.  The interface name is only important to the device it is on and is not known by the remote endpoint.  Since ADVPN is autogenerated, it will always create a new tunnel with the next available integer after it.

 

View solution in original post

2 REPLIES 2
distillednetwork
New Contributor III

Yes, this is perfectly normal.  The interface name is only important to the device it is on and is not known by the remote endpoint.  Since ADVPN is autogenerated, it will always create a new tunnel with the next available integer after it.

 

rajamanickam

Thank you for your clarification on this..