FortiWiFi 90D ROUTING TABLE
Thank you for accepting my request.
I'm setting up a VPN on a FortiWiFi 90D and trying to create a static route. For some weird reason, it won't populate in the routing table. If I try to add a static route to an old existing tunnel setup on the device, it works. Any ideas what could be the problem here? I was able to set up the same VPN configuration on another FortiWiFi 90D at a different location without any issues!
v5.2.11,build754
Priority set to zero and distance to 10.
Thank you,
Is the tunnel up? Otherwise it won't show up in the table. You can still see it in CLI "get router info routing-t database" as "inactive".
Yes, the tunnel is up. The only difference between both firewalls is that the one I'm having issues with is set up with broadband service using PPPoE, and the other firewall that worked is using a fixed IP.
It wouldn't matter whether the tunnel comes/goes over a PPPoE interface or a static interface as long as you set a static route into the tunnel interface. Does it show up in the database in the CLI I mentioned above?
It's showing inactive using the CLI.
C *> 169.254.45.209/32 is directly connected, vpn-4f35252e-1
C *> 169.254.45.210/32 is directly connected, vpn-4f35252e-1
C *> 169.254.47.157/32 is directly connected, vpn-4f35252e-0
C *> 169.254.47.158/32 is directly connected, vpn-4f35252e-0
S 172.31.0.0/16 [10/0] via 169.254.45.209, vpn-4f35252e-1 inactive
                [10/0] via 169.254.47.157, vpn-4f35252e-0 inactive
I also confirmed that the tunnel is up via "get router info routing-table details".
So I'm not sure why the static routes are still inactive?
I don't have experience with AWS VPC VPNs but I still think your FG thinks the tunnel (redundant tunnels?) is not fully up.
Check "get vpn ipsec tun sum" to see the status. It should look like below if it's up:
(hostname) # get vpn ipsec tun sum
'XXXXtest1' xxx.xxx.xxx.xxx:0 selectors(total,up): 1/1 rx(pkt,err): 257/0 tx(pkt,err): 257/7
Hi,
This is what I see from the command. It shows up but I see a lot of errors.
'vpn-4f35252e-0' 52.202.144.5:4500 selectors(total,up): 1/1 rx(pkt,err): 0/0 tx(pkt,err): 0/120465
'vpn-4f35252e-1' 54.172.182.145:4500 selectors(total,up): 1/1 rx(pkt,err): 0/0 tx(pkt,err): 0/127993
Then I have no idea why not. As you showed they're up.
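An added example, not part of the thread: a small parser for "get vpn ipsec tun sum" lines that separates tunnels whose selectors are up and passing packets from tunnels whose selectors are up while the counters show nothing received and only transmit errors, as in the output posted above. The function names and status labels are hypothetical, the line format is assumed to match the lines quoted in this thread, and the third sample line uses a constructed peer address.

```python
import re

# Two lines copied from the thread; the third reuses the thread's healthy
# example with a constructed peer address (192.0.2.10) in place of the mask.
SAMPLE = """\
'vpn-4f35252e-0' 52.202.144.5:4500 selectors(total,up): 1/1 rx(pkt,err): 0/0 tx(pkt,err): 0/120465
'vpn-4f35252e-1' 54.172.182.145:4500 selectors(total,up): 1/1 rx(pkt,err): 0/0 tx(pkt,err): 0/127993
'XXXXtest1' 192.0.2.10:0 selectors(total,up): 1/1 rx(pkt,err): 257/0 tx(pkt,err): 257/7
"""

# Assumed line layout, taken from the lines shown in the thread.
LINE_RE = re.compile(
    r"^'(?P<name>[^']+)'\s+(?P<peer>\S+):(?P<port>\d+)\s+"
    r"selectors\(total,up\):\s*(?P<sel_total>\d+)/(?P<sel_up>\d+)\s+"
    r"rx\(pkt,err\):\s*(?P<rx_pkt>\d+)/(?P<rx_err>\d+)\s+"
    r"tx\(pkt,err\):\s*(?P<tx_pkt>\d+)/(?P<tx_err>\d+)\s*$"
)

def parse_summary(text):
    """Return one dict per tunnel line; prompts and unknown lines are skipped."""
    tunnels = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = m.groupdict()
        tunnels.append({k: v if k in ("name", "peer") else int(v)
                        for k, v in fields.items()})
    return tunnels

def classify(t):
    """Hypothetical status labels derived only from the summary counters."""
    if t["sel_up"] < t["sel_total"]:
        return "selectors-down"
    if t["rx_pkt"] == 0 and t["tx_pkt"] == 0 and t["tx_err"] > 0:
        # Selectors negotiated, yet nothing received and every send errored.
        return "up-but-no-traffic"
    return "passing-traffic"

def report(text):
    """Map tunnel name to status label."""
    return {t["name"]: classify(t) for t in parse_summary(text)}

if __name__ == "__main__":
    for name, status in report(SAMPLE).items():
        print(f"{name}: {status}")
```
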