Hello Team,
So i have a query regarding IPSec VPN Tunnel over BGP.
There is BGP on the both side i.e, Remote and Local Site. whereas, the remote site has requested to establish IPSec VPN over BGP. But the problem arise when in the Local site BGP is announced in the Cisco Router.
Do we need to configure the VPN in the VPN Firewall or Cisco Router????
Please share us the solution.
Thank you
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Yes.. I have the same query. Can anyone help?
BGP is just for routing to provide the reachability between both ends of the IPsec tunnel. Nothing is different from you set the routing up all static routes. Based on the diagram, I'm assuming both sites are peering with each (or the same) ISP with BGP. If the Cisco router on the local side is NATing traffic and the FGT doesn't have a (static) public IP, reachable from the remote end, itself, you need to configure aggressive mode (IKEv1) or dynamic (IKEv2) on the local side.
Toshi
In case of routing (Dynamic/ Static) between 2 VPN devices (Router/ Firewall) should be configured on those devices.
Other than those 2 devices all other intermediate devices are just ensuring the reachability between 2 devices. Those devices (in most cases ISP) may follow any routing protocol.
I am sharing the following article as a reference
https://community.fortinet.com/t5/FortiGate/Technical-Note-Dynamic-routing-BGP-over-IPsec-tunnel/ta-...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1661 | |
1077 | |
752 | |
443 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.