Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
commsrbrad1
New Contributor II

Fortigate to AWS VPN using BGP

We have a 3rd party who uses AWS for their VPN.

We have a Fortigate 601E.

The configuration we received from AWS is using BGP. I tried configuring it, but it will not come up.

I think the problem is with the provided local and remote addresses.

 

Inside IP Addresses
- Customer Gateway : 169.254.170.166/30
- Virtual Private Gateway : 169.254.170.165/30

In Phase 2 selectors, when I try and enter the above, it comes back with

169.254.170.164/30 for both

and the tunnel will not come up.

If I change the IP addresses to normal subnets that reside at local and remote, the tunnel comes up, but of course it won't pass any traffic.

 

1 Solution
commsrbrad1
New Contributor II

I found my problem, being relatively new to Fortigate. I was trying to put the Tunnel IP addresses in the Phase 2 selectors, instead of Global>network>interfaces

sagha
Staff

Hi commsrbrad1, 

 

Please have a look at this article explaining how to set up BGP:

https://community.fortinet.com/t5/FortiGate/Technical-Note-Dynamic-routing-BGP-over-IPsec-tunnel/ta-...

 

You can add your IPSec and BGP config here for quick review.

 

Thanks, 

Shahan

commsrbrad1
New Contributor II

Can this setup only be done from CLI? I am trying to use the VPN wizard.

sagha
Staff

Hi commsrbrad1, 

 

Yes, you can do it from CLI as well. 

 

Just make sure that firewall policies, VPN settings and BGP config are there.

 

Thanks,
Shahan

commsrbrad1
New Contributor II

I found my problem, being relatively new to Fortigate. I was trying to put the Tunnel IP addresses in the Phase 2 selectors, instead of Global>network>interfaces

sagha

Hi commsrbrad1, 

 

Good to know this. Please mark this thread as resolved if the issue is fixed using the article we shared. 


Thanks, 

Shahan
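
Added example, not part of the original posts and not Fortinet or AWS code: a small pre-deployment check that reproduces the symptom from this thread (both inside addresses collapsing to 169.254.170.164/30) and flags tunnel inside IPs used as Phase 2 selectors. It assumes a subnet-type selector keeps only the network part of what is entered; the function names and the 10.x selectors are made up for illustration.

```python
import ipaddress


def normalize_selector(value):
    """Return the subnet a subnet-type selector keeps for an address/prefix entry.

    Assumption: host bits are discarded, which matches what the poster saw.
    """
    return ipaddress.ip_interface(value).network


def review_tunnel_plan(cgw_inside, vgw_inside, local_selector, remote_selector):
    """Flag the mistake from this thread: tunnel inside IPs entered as selectors."""
    cgw = ipaddress.ip_interface(cgw_inside)
    vgw = ipaddress.ip_interface(vgw_inside)
    findings = []

    # The two inside addresses must be distinct hosts on one shared link subnet,
    # otherwise the BGP peers cannot reach each other across the tunnel.
    if cgw.network != vgw.network:
        findings.append("inside addresses are not on the same link subnet")
    elif cgw.ip == vgw.ip:
        findings.append("both ends use the same inside address")

    for side, selector in (("local", local_selector), ("remote", remote_selector)):
        net = normalize_selector(selector)
        # A selector equal to the link subnet means the tunnel IP was typed into
        # Phase 2 rather than being assigned to the tunnel interface.
        if net == cgw.network or net == vgw.network:
            findings.append(
                f"{side} selector {selector} is stored as {net}, the tunnel link "
                "subnet; assign this address on the tunnel interface instead"
            )
    return findings


if __name__ == "__main__":
    # Inside addresses from the thread, used as selectors (the original mistake).
    for line in review_tunnel_plan(
        "169.254.170.166/30", "169.254.170.165/30",
        "169.254.170.166/30", "169.254.170.165/30",
    ):
        print(line)
    # Constructed selectors for comparison: no findings are reported.
    print(review_tunnel_plan(
        "169.254.170.166/30", "169.254.170.165/30",
        "10.10.0.0/24", "10.20.0.0/24",
    ))
```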
