Ronish_Shrestha
New Contributor

BGP over IPSec VPN Tunnel Query

Hello Team,

 

So I have a query regarding IPSec VPN Tunnel over BGP.

There is BGP on both sides, i.e., the Remote and Local Sites, whereas the remote site has requested to establish IPSec VPN over BGP. But the problem arises when, in the Local site, BGP is announced in the Cisco Router.

Do we need to configure the VPN in the VPN Firewall or the Cisco Router?

Please share the solution with us.

Thank you

IPSec VPN over Bgp.png

Ronish
ShaileshMdr
New Contributor III

Yes.. I have the same query. Can anyone help?

 

#nse4
Toshi_Esumi
SuperUser

BGP is just for routing to provide the reachability between both ends of the IPsec tunnel. Nothing is different from when you set the routing up with all static routes. Based on the diagram, I'm assuming both sites are peering with each (or the same) ISP with BGP. If the Cisco router on the local side is NATing traffic and the FGT itself doesn't have a (static) public IP reachable from the remote end, you need to configure aggressive mode (IKEv1) or dynamic (IKEv2) on the local side.

Toshi

Mrinmoy
Staff

Routing (dynamic/static) between 2 VPN devices (router/firewall) should be configured on those devices.

Other than those 2 devices, all other intermediate devices are just ensuring the reachability between the 2 devices. Those devices (in most cases the ISP) may follow any routing protocol.

I am sharing the following article as a reference:

https://community.fortinet.com/t5/FortiGate/Technical-Note-Dynamic-routing-BGP-over-IPsec-tunnel/ta-...

Mrinmoy Purkayastha