- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ipsec and SD-WAN
Hi,
I have dual wan on my Fortigate, default route go out using SD-WAN,
my all IPSEC tunnels are assigned to WAN1 interface which is one member of SD-WAN. Now I would like to assign one Ipsec tunnel to WAN2 interface, and tunnel is not working until I add this WAN2 to SD-WAN as second member.
Is any way in such scenario have working IPSEC on WAN2 and do not adding this link to SD-WAN?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Based on the description, issue could be due to the fact there is no route available/active towards the VPN remote gateway via wan2 in the routing-table. This is why it works when you add wan2 into SDWAN (since default route via wan2 gets active).
The way to achieve this without adding wan2 in sdwan would be by adding a specific route for remote gateway via wan2 as below :
config router static
edit <>
set dst <VPN remote gateway ip/32>
set gateway <wan2 gateway>
set device wan2
next
end
Hope this helps!