Fortinet Forum
random_guy
New Contributor III

Missing route/rule for 2x ADVPN?

Currently running ADVPN to connect our branches to our core. I've added ADVPN-BACKUP for branches, which uses the 2nd ISP in our core. It connects fine and can access resources in the core. What it can't do is communicate with other sites that are on the primary, i.e., ADVPN-MAIN cannot communicate with ADVPN-BACKUP and vice versa, but both can communicate with the core just fine. I'd like to allow the branches to select either the main or backup based on latency, so I need to get communication between the two of them. Is this a route or rule that I'm missing somewhere? I can post the relevant portions of the config if necessary.

Trace shows:

id=20085 trace_id=7263 func=resolve_ip_tuple_fast line=5746 msg="Find an existing session, id-20e29eb9, original direction"
id=20085 trace_id=7263 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=7263 func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-ADVPN"
id=20085 trace_id=7263 func=ipsecdev_hard_start_xmit line=854 msg="Failed to find IPsec Common: ADVPN"

 

 

 

 
