We have a 3rd party who uses AWS for their VPN.
We have a Fortigate 601E.
The configuration we received from AWS is using BGP. I tried configuring it, but it will not come up.
I think the problem is with the provided local and remote addresses.
Inside IP Addresses
- Customer Gateway : 169.254.170.166/30
- Virtual Private Gateway : 169.254.170.165/30
In the Phase 2 selectors, when I try to enter the above, it comes back with
169.254.170.164/30 for both
and the tunnel will not come up.
If I change the IP addresses to normal subnets that reside at local and remote, the tunnel comes up, but of course it won't pass any traffic.
Hi commsrbrad1,
Please have a look at this article explaining how to set up BGP:
You can add your IPSec and BGP config here for quick review.
Thanks,
Shahan
Can this setup only be done from CLI? I am trying to use the VPN wizard.
Hi commsrbrad1,
Yes, you can do it from CLI as well.
Just make sure that firewall policies, VPN settings and BGP config are there.
Thanks,
Shahan
I found my problem, being relatively new to Fortigate. I was trying to put the Tunnel IP addresses in the Phase 2 selectors, instead of Global>network>interfaces
Hi commsrbrad1,
Good to know this. Please mark this thread as resolved if the issue is fixed using the article we shared.
Thanks,
Shahan
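The fix described in this thread, sketched as a FortiOS CLI fragment. This is an added example, not configuration posted by anyone in the thread: the tunnel name `aws-tun1` and the `<local-asn>` / `<aws-asn>` placeholders are assumptions, the two 169.254.170.x addresses are the ones quoted in the question, and lines starting with `#` are annotations.

```fortios
# Phase 2 selectors describe protected *subnets*, so a host address such as
# 169.254.170.166/30 is normalised to its network, 169.254.170.164/30.
# For a route-based (BGP) tunnel, leave the selectors wide open instead.
config vpn ipsec phase2-interface
    edit "aws-tun1-p2"
        # "aws-tun1" is a hypothetical phase 1 / tunnel interface name
        set phase1name "aws-tun1"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# The AWS "inside" addresses belong on the tunnel interface itself
# (Network > Interfaces in the GUI).
config system interface
    edit "aws-tun1"
        # Customer Gateway inside address (local end of the tunnel)
        set ip 169.254.170.166 255.255.255.255
        # Virtual Private Gateway inside address (remote end, /30)
        set remote-ip 169.254.170.165 255.255.255.252
    next
end

# BGP peers with the Virtual Private Gateway's inside address.
# Both ASNs are placeholders; take them from the AWS-supplied configuration.
config router bgp
    set as <local-asn>
    config neighbor
        edit "169.254.170.165"
            set remote-as <aws-asn>
        next
    end
end
```

Firewall policies between the tunnel interface and the internal interfaces are still required, as noted in the replies above; limit them to the prefixes and services the third party actually needs, since the open selectors no longer constrain what the tunnel will carry.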