Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kkl
New Contributor

IPSEC Tunnel Template BRANCH

I'm trying to set up a hub and spoke ipsec environment. However, I am currently getting the following error:

Starting log (Run on device)


Start installing
gen $ config router static
gen (static) $ edit 2
gen (2) $ set device "HUB1-VPN1"
gen (2) $ set comment "VPN: HUB1-VPN1 [Created by IPSEC Template]"
gen (2) $ set dstaddr "HUB1-VPN1_remote_subnet_1"
gen (2) $ next
gen (static) $ edit 3
gen (3) $ set distance 254
gen (3) $ set comment "VPN: HUB1-VPN1 [Created by IPSEC Template]"
gen (3) $ set blackhole enable
gen (3) $ set dstaddr "HUB1-VPN1_remote_subnet_1"
gen (3) $ next
The blackhole route conflicts with the gateway of SD-WAN member 1, gen (static) $ end


---> generating verification report
(vdom root: router static 3:vrf)
remote original: 0
to be installed:

<--- done generating verification report

 

------- Start to retry --------

gen $ config router static
gen (static) $ edit 3
gen (3) $ unset vrf
gen (3) $ next
The blackhole route conflicts with the gateway of SD-WAN member 1, gen (static) $ end


---> generating verification report
(vdom root: router static 3:vrf)
remote original: 0
to be installed:

<--- done generating verification report


install failed

The Fortimanager tries to delete vrf from the blackhole routing rule:

config router static
edit 3
unset vrf
next
end

does anyone have an idea how I can solve the problem without setting routing to manual?

regards,
Kevin

2 REPLIES 2
Anthony_E
Community Manager
Community Manager

Hello Kevin,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello Kevin,

 

Did you try to have a look in our documentation:

 

https://docs.fortinet.com/document/fortimanager/7.2.2/administration-guide/227089/ipsec-tunnel-templ...

 

Regards,

Anthony-Fortinet Community Team.
Labels
Top Kudoed Authors