When an ADVPN shortcut is created, obviously the connection will go from whatever ISP(s) you're using to the other Spokes Public IP(s). This creates the transit connection for the tunnel to be created in the first place.
So, do you have to configure a default route for each ISP/Connection that you use, and then how does that work if you receive a default over a tunnel interface with ADVPN as a default route?
I can always create a static route for a Public IP of the other end of the shortcut tunnel, but that seems a bit tedious and not the best way to do things imo, considering if IPs are NAT'd or change, you can't really keep up with that.
So, do you have to configure a default route for each ISP/Connection that you use, and then how does that work if you receive a default over a tunnel interface with ADVPN as a default route?
> Yes, you need connectivity towards the peer and that requires a route. With regards to the default route via ADVPN, this is controlled by the underlying dynamic routing protocol BGP/OSPF/RIP, and we need to make sure the correct subnets are only advertised.
I can always create a static route for a Public IP of the other end of the shortcut tunnel, but that seems a bit tedious and not the best way to do things imo, considering if IPs are NAT'd or change, you can't really keep up with that
> ADVPN supports aggressive mode tunnels as well, this can eliminate the IP change/NAT issues.
The PDF file on this article may be helpful - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Fortinet-Auto-Discovery-VPN-ADVPN/ta-p/195...