Behzadawesome
New Contributor

Fortigate 6.2.7 GRE/IPSec tunnel symmetric path

Dear all,

I have a situation that I have found difficult to manage. Any help is very much appreciated.

I have a Fortigate 100F running FortiOS 6.2.7 that is used as the IPSec tunnel endpoint in the HQ. The other ends of the IPSec tunnels are branch routers (third-party devices).

The HQ has two different Internet providers with their assigned IP addresses that are not routable between each other. In other words, IP addresses assigned by provider A are not routable via provider B and vice versa.

There is a need to establish two IPSec tunnels (Tunnel_A and Tunnel_B) from the branch toward the HQ Fortigate, where Tunnel_A at the branch router points to the HQ's Provider A IP address (assigned on the Fortigate) and Tunnel_B points to the HQ's Provider B IP address (assigned on the Fortigate).

The default route points toward Provider A.

The problem arises when the Tunnel_B traffic from the branches points to Provider_B; however, the egress traffic from the Fortigate matches the default routing table and does not use the interface that it came in on.

 

Any help is very much appreciated.

 

With regards

 Behzad

40james_FTNT
Staff

At the HQ firewall, try putting the interface for provider A in vrf1 and the interface for provider B in vrf2. Make sure each VRF has its own default gw to the respective provider when you check the routing with "get router info routing-table all". Good luck!
James (Jim) Hilving
Consulting Systems Engineer - CSE Team