Fortinet Forum
Tutek_OLD
New Contributor

IPsec and SD-WAN

Hi,

I have dual WAN on my FortiGate, and the default route goes out using SD-WAN.

All my IPsec tunnels are assigned to the WAN1 interface, which is one member of SD-WAN. Now I would like to assign one IPsec tunnel to the WAN2 interface, and the tunnel is not working until I add WAN2 to SD-WAN as a second member.

Is there any way in such a scenario to have working IPsec on WAN2 without adding this link to SD-WAN?

athirat
Staff

Hello,

Based on the description, the issue could be due to the fact that there is no route available/active towards the VPN remote gateway via wan2 in the routing table. This is why it works when you add wan2 into SD-WAN (since the default route via wan2 becomes active).

The way to achieve this without adding wan2 to SD-WAN would be to add a specific route for the remote gateway via wan2, as below:

config router static
    edit <>
        set dst <VPN remote gateway ip/32>
        set gateway <wan2 gateway>
        set device wan2
    next
end

Hope this helps!
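
The route lookup behind the reply above, as an added example that is not part of the original thread or Fortinet's code: a simplified longest-prefix-match model (an assumption, not FortiOS's actual implementation) showing which interface the route to the remote gateway uses in each scenario. All addresses are constructed documentation-range values.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the post.
REMOTE_GW = "203.0.113.10"                 # VPN remote gateway
WAN1_GW, WAN2_GW = "198.51.100.1", "192.0.2.1"

# Each route: (destination prefix, egress device, next hop).
# Assumption: the SD-WAN default route is modelled as one entry per member.
BASELINE = [("0.0.0.0/0", "wan1", WAN1_GW)]               # wan1 is the only member
WAN2_IN_SDWAN = BASELINE + [("0.0.0.0/0", "wan2", WAN2_GW)]
HOST_ROUTE = BASELINE + [(f"{REMOTE_GW}/32", "wan2", WAN2_GW)]


def egress_devices(table, dst):
    """Return the devices of the most specific routes that match dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), dev)
               for prefix, dev, _ in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return set()
    best = max(net.prefixlen for net, _ in matches)
    return {dev for net, dev in matches if net.prefixlen == best}


def tunnel_has_route(table, remote_gw, tunnel_iface):
    """True when an active route to the remote gateway leaves via the tunnel's interface."""
    return tunnel_iface in egress_devices(table, remote_gw)


def report():
    """Check the wan2-bound tunnel against each of the three routing tables."""
    scenarios = {
        "wan1-only SD-WAN": BASELINE,
        "wan2 added to SD-WAN": WAN2_IN_SDWAN,
        "static /32 via wan2": HOST_ROUTE,
    }
    return {name: tunnel_has_route(table, REMOTE_GW, "wan2")
            for name, table in scenarios.items()}


if __name__ == "__main__":
    for name, ok in report().items():
        print(f"{name:22} route to {REMOTE_GW} via wan2: {ok}")
```

With the /32 in place, only traffic to the remote gateway leaves via wan2; every other destination still matches the wan1 default route.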