Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mhdganji
Contributor

EIGRP between routers connecting to fortigate

Hi,

I have two routers serving a lot of EIGRP neighbors and are neighbors together. I have to use a Fortigate device between two routers and prefer to configure it in NAT mode. Putting the Fortigate in between, the EIGRP neighborship breaks and the dynamic routing protocol fails even if I set any any allow rule between two points. As a matter of fact, somehow it is not possible to use different IP sets at both sides and fire up the routing protocol. So, what are my choices?

 

Do static routing?

configure the firewall in transparent mode?

do any special config to make the EIGRP protocol work in this way?

 

Any help is appreciated

 

 

1 Solution
mhdganji
Contributor

I used a transparent VDOM, a little challenges but done !

View solution in original post

4 REPLIES 4
Toshi_Esumi
Esteemed Contributor II

Without having much knowledge about EIGRP, the first thing came to my mind is a tunnel like GRE or IPSec between them through the FGT, then you can use a single subnet for neighboring.

 

Then when I looked up "EIGRP multihop" on the internet, I found a bunch of documentation with "EIGRP OTP(over the top)" like below:
https://www.packet-forwarding.net/2014/10/09/eigrp-otp-example/

 

The concept seems to be similar to setting up a tunnel but originally designed to use BGP over the internet as underlying protocol. But seems to work even without it as long as both ends can reach each other like in the above article.

In any case, it's about how to set up Cisco routers at both ends so it's much proper to ask it at Cisco Community instead for this option.

 

Toshi

 

mhdganji

If you tunnel via GRE or anything, traffic will not be examined and no security policy works. I already tested it to make sure and was right and it should be this way.

 

BGP, OSPF and route redistribution is a choice but complex to implement and tshoot.

 

I will ask in Cisco forums but the first answer is routing protocols redistribution and static routing. I'm asking here because maybe something like Wire Pair or Multicasting or transparent mode is an option ...

 

EIGRP OTP ... I should read about it 

Toshi_Esumi
Esteemed Contributor II

Transparent mode should always be an option. I never used it before so I let someone else to comment.

 

Toshi

mhdganji
Contributor

I used a transparent VDOM, a little challenges but done !