Filter OSPF routes from specific Neighbor
Hi,
I have the following topology; all devices are in OSPF Area 0.
192.168.101.0/24 ------ Port 1 ------ Port 1 ------ 192.168.201.0/24
   Fortigate HO         Port 2 ------ Port 2         Fortigate Remote
192.168.102.0/24 ------ IPSec  ------ IPSec  ------ 192.168.202.0/24
I have three neighborships between both Fortigates, and ECMP is configured.
I have the following questions:
First question: Is there any option to filter the route (192.168.101.0/24) being learned by IPSec at Fortigate Remote, so that all traffic for 192.168.101.0/24 will load balance between Port 1 and Port 2?
Second question: I am getting the route 192.168.101.0/24 at Remote learned from all three neighbors, and load balancing is configured between them. I want to pass traffic for 192.168.101.100/32 and 192.168.101.101/32 only to Port 1 and Port 2 and deny this traffic from passing through IPSec.
Hi,
For the answer to the first question:
I want to restrict one subnet from being advertised to/from the IPSec tunnel, but it should be advertised to the other links (Port1 and Port2).
For the answer to the second question:
Once I put in a policy to deny traffic via IPSec, it drops all my traffic from 192.168.201.0/24 and 192.168.202.0/24 to 192.168.101.100/32 and 192.168.101.101/32, though I have another policy which allows traffic via Port 1 and Port 2. This may be because once traffic reaches the firewall, the next hop selected is the IPSec tunnel due to ECMP.
Created on 07-04-2016 10:06 AM
Hello,
Are you able to accomplish this?
