kadkwai
New Contributor

FortiWiFi 90D ROUTING TABLE

Thank you for accepting my request.

I'm setting up a VPN on a FortiWiFi 90D and trying to create a static route. For some weird reason, it won't populate in the routing table. If I try to add a static route to an old existing tunnel set up on the device, it works. Any ideas what could be the problem here?

I was able to set up the same VPN configuration on another FortiWiFi 90D at a different location without any issues!

v5.2.11, build754. Priority set to zero and distance to 10.

Thank you,

Toshi_Esumi
SuperUser

Is the tunnel up? Otherwise it won't show up in the table. You can still see it in CLI "get router info routing-t database" as "inactive".

kadkwai

Yes, the tunnel is up. The only difference between the two firewalls is that the one I'm having issues with is set up with a broadband service using PPPoE, and the other firewall that worked is using a fixed IP.

Toshi_Esumi

It wouldn't be a matter if the tunnel comes/goes over a PPPoE interface or a static interface as long as you set a static route into the tunnel interface. Does it show up in the database in the CLI I mentioned above?

kadkwai

The command didn't work, but it shows in the GUI. It's also showing UP from the other end (AWS).
kadkwai

It's showing inactive using the CLI.

C    *> 169.254.45.209/32 is directly connected, vpn-4f35252e-1
C    *> 169.254.45.210/32 is directly connected, vpn-4f35252e-1
C    *> 169.254.47.157/32 is directly connected, vpn-4f35252e-0
C    *> 169.254.47.158/32 is directly connected, vpn-4f35252e-0
S       172.31.0.0/16 [10/0] via 169.254.45.209, vpn-4f35252e-1 inactive
                      [10/0] via 169.254.47.157, vpn-4f35252e-0 inactive

I also confirmed that the tunnel is up via "get router info routing-table details".

So I'm not sure why the static routes are still inactive.

Toshi_Esumi
SuperUser

I don't have experience with AWS VPC VPNs but I still think your FG thinks the tunnel (redundant tunnels?) is not fully up.

Check "get vpn ipsec tun sum" to see the status. It should look like below if it's up:

(hostname) # get vpn ipsec tun sum 'XXXXtest1' xxx.xxx.xxx.xxx:0  selectors(total,up:( 1/1  rx(pkt,err): 257/0  tx(pkt,err): 257/7

kadkwai

Hi,

This is what I see from the command. It shows up, but I see a lot of errors.

'vpn-4f35252e-0' 52.202.144.5:4500  selectors(total,up): 1/1  rx(pkt,err): 0/0  tx(pkt,err): 0/120465
'vpn-4f35252e-1' 54.172.182.145:4500  selectors(total,up): 1/1  rx(pkt,err): 0/0  tx(pkt,err): 0/127993
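As an added example (not code from this thread or from Fortinet), the script below parses the two CLI outputs quoted above, "get router info routing-table database" and "get vpn ipsec tunnel summary", and for each inactive static route reports what the tunnel summary says about the interface the route points into. The sample input is the output pasted in this thread; the regular expressions, the status codes and the correlation logic are my own and assume the output layout shown here. On this thread's data it flags both next hops of 172.31.0.0/16 as "tunnel up, but zero packets received and tx errors climbing", which is the observation the two outputs together support.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the two CLI outputs quoted in this thread,
# "get router info routing-table database" and "get vpn ipsec tunnel summary".
ROUTING_DB = """\
C    *> 169.254.45.209/32 is directly connected, vpn-4f35252e-1
C    *> 169.254.45.210/32 is directly connected, vpn-4f35252e-1
C    *> 169.254.47.157/32 is directly connected, vpn-4f35252e-0
C    *> 169.254.47.158/32 is directly connected, vpn-4f35252e-0
S       172.31.0.0/16 [10/0] via 169.254.45.209, vpn-4f35252e-1 inactive
                      [10/0] via 169.254.47.157, vpn-4f35252e-0 inactive
"""

TUNNEL_SUMMARY = """\
'vpn-4f35252e-0' 52.202.144.5:4500  selectors(total,up): 1/1  rx(pkt,err): 0/0  tx(pkt,err): 0/120465
'vpn-4f35252e-1' 54.172.182.145:4500  selectors(total,up): 1/1  rx(pkt,err): 0/0  tx(pkt,err): 0/127993
"""


@dataclass
class StaticRoute:
    prefix: str
    distance: int
    priority: int
    gateway: str
    interface: str
    active: bool


@dataclass
class TunnelStats:
    name: str
    peer: str
    selectors_total: int
    selectors_up: int
    rx_pkt: int
    rx_err: int
    tx_pkt: int
    tx_err: int


# First line of a route entry: protocol letter, optional "*>" (selected) marker, prefix, rest.
HEAD_RE = re.compile(r"^([A-Z])\s+(?:\*>\s+)?(\S+)\s+(.*)$")
# One next hop: [distance/priority] via gateway, interface [inactive]
HOP_RE = re.compile(r"\[(\d+)/(\d+)\]\s+via\s+(\S+),\s+(\S+)(\s+inactive)?\s*$")
# One line of the tunnel summary (layout assumed from the output pasted in the thread).
TUN_RE = re.compile(
    r"^'([^']+)'\s+(\S+)\s+selectors\(total,up\):\s*(\d+)/(\d+)"
    r"\s+rx\(pkt,err\):\s*(\d+)/(\d+)\s+tx\(pkt,err\):\s*(\d+)/(\d+)"
)


def parse_routing_db(text: str) -> list:
    """Return every static (S) next hop, including the indented ECMP continuation
    lines that repeat the prefix of the entry above them."""
    routes = []
    proto = prefix = None
    for line in text.splitlines():
        if not line.strip():
            continue
        head = HEAD_RE.match(line)
        if head:
            proto, prefix, rest = head.groups()
        else:
            rest = line.strip()  # continuation: another next hop for the same prefix
        if proto != "S":
            continue
        hop = HOP_RE.match(rest)
        if hop:
            dist, prio, gw, intf, inactive = hop.groups()
            routes.append(StaticRoute(prefix, int(dist), int(prio), gw, intf, inactive is None))
    return routes


def parse_tunnel_summary(text: str) -> dict:
    """Map tunnel name -> TunnelStats for each summary line that matches TUN_RE."""
    tunnels = {}
    for line in text.splitlines():
        m = TUN_RE.match(line.strip())
        if m:
            name, peer, *nums = m.groups()
            tunnels[name] = TunnelStats(name, peer, *map(int, nums))
    return tunnels


def triage(routes: list, tunnels: dict) -> list:
    """For each inactive static route, classify what the tunnel summary shows for its
    interface. Codes are my own labels, not FortiOS states."""
    findings = []
    for r in routes:
        if r.active:
            continue
        t = tunnels.get(r.interface)
        if t is None:
            code = "TUNNEL_MISSING"        # route points at an interface with no tunnel entry
        elif t.selectors_up < t.selectors_total:
            code = "SELECTORS_DOWN"        # phase 2 not fully established
        elif t.rx_pkt == 0 and t.tx_err > 0:
            code = "UP_BUT_NO_TRAFFIC"     # selectors up, nothing received, transmit errors climbing
        else:
            code = "UNEXPLAINED"           # nothing in these two outputs explains the inactive route
        findings.append((r.prefix, r.gateway, r.interface, code))
    return findings


if __name__ == "__main__":
    for prefix, gw, intf, code in triage(parse_routing_db(ROUTING_DB),
                                         parse_tunnel_summary(TUNNEL_SUMMARY)):
        print(f"{prefix} via {gw} ({intf}): {code}")
```

Run it as-is to see the two findings for the pasted output, or replace the two constants with fresh output from your own unit. Note that "UP_BUT_NO_TRAFFIC" only says that the counters and the route state disagree; it does not identify which side is misconfigured.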
Toshi_Esumi
SuperUser

Then I have no idea why not. As you showed they're up.
