Hello,
The IPsec aggregation I/F is not seen when I try to input it as an SDWAN member.
Here is my environment.
      (wan1) --- NAT router1 --- (wan2)
FG1                                       FG2
      (wan2) --- NAT router2 --- (wan2)
At FG1, as VPN tunnels, vpn1_1 and vpn1_2 are created.
And the AGGnat I/F is created as an aggregation of both.
At FG2, the situation is similar.
In VPN tunnel, the AGGnat I/F is up. However, this I/F is not seen as an SDWAN member.
How can I solve this?
Any comments are appreciated.
Can you compare the IPsec aggregate config on the two FGs?
config system ipsec-aggregate
Hello AEK,
Thanks for your reply. Both are the same.
<FG1>
config system ipsec-aggregate
    edit "AGGnat"
        set member "vpn1_1" "vpn1_2"
        set algorithm weighted-round-robin
    next
end
<FG2>
config system ipsec-aggregate
    edit "AGGnat"
        set member "vpn2_1" "vpn2_2"
        set algorithm weighted-round-robin
    next
end
For information.
<FG1 vpn1_1: config vpn ipsec phase1-interface>
    edit "vpn1_1"
        set interface "wan1"
        set peertype any
        set net-device disable
        set aggregate-member enable
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
        set remote-gw zzz.zzz.zzz.zzz
        set psksecret xxxxx
    next
<FG2 vpn2_1: config vpn ipsec phase1-interface>
    edit "vpn2_1"
        set type dynamic
        set interface "wan1"
        set peertype any
        set net-device disable
        set aggregate-member enable
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
        set dpd on-idle
        set psksecret xxxxx
        set dpd-retryinterval 60
    next
Any comments are appreciated.
It looks fine.
Since it is functioning well, I think the red icon is just a cosmetic bug.
Dear AEK,
Thanks for your confirmation. I am relieved to hear it.