msussman89
New Contributor

Static default to VPN Tunnel not in routing table

I have an FG 81F that has an IPsec tunnel that is active and capable of routing traffic. I can route traffic through the tunnel via static routes, but even though I have the default route pointed to the tunnel, in the routing table the default route shows up as leaving through the WAN.


Any suggestions?

RTBNRVPN01 (static) # show
config router static
edit 1
set device "BNR-PIT-1"
next
edit 2
set dst 164.52.235.0 255.255.255.224
set device "wan1"
set dynamic-gateway enable
next
edit 3
set dst 4.49.109.32 255.255.255.224
set device "wan1"
set dynamic-gateway enable
next
edit 4
set dst 10.0.0.0 255.0.0.0
set device "BNR-PIT-1"
next

 


Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 166.157.249.1, wan1
S 4.49.109.32/27 [10/0] via 166.157.249.1, wan1
S 10.0.0.0/8 [10/0] via 10.172.0.181, BNR-PIT-1
C 10.172.0.181/32 is directly connected, BNR-PIT-1
C 10.172.0.182/32 is directly connected, BNR-PIT-1
C 10.172.97.0/26 is directly connected, internal1
C 10.172.98.0/26 is directly connected, Security
C 10.172.98.64/26 is directly connected, Guest
C 10.172.98.192/27 is directly connected, Vend
C 10.172.98.224/27 is directly connected, Controls
S 164.52.235.0/27 [10/0] via 166.157.249.1, wan1
C 166.157.249.0/24 is directly connected, wan1

1 Solution
bmiranda
Staff

The Administrative Distance for the "wan1" static route is lower (5) than the default Administrative Distance of the IPsec VPN static route (10). Only routes with the same AD but same/different priorities will be shown in the active routing table. Most likely you will be able to see this IPsec VPN static route if you have a look at the database using the command 'get router info routing-table database'.

To fix this, simply lower the AD of the IPsec VPN static route in the configuration.
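
The distance comparison described in the answer above, as an added example (not part of the original thread and not Fortinet code): it parses the routing-table lines posted in the question, models which default route gets installed, and checks that the default route egresses the tunnel rather than the WAN. The priority values and the lowered distance of 4 are constructed for illustration.

```python
import re

# Active routing table lines copied from the question (subset).
POSTED_TABLE = """\
S* 0.0.0.0/0 [5/0] via 166.157.249.1, wan1
S 4.49.109.32/27 [10/0] via 166.157.249.1, wan1
S 10.0.0.0/8 [10/0] via 10.172.0.181, BNR-PIT-1
C 10.172.0.181/32 is directly connected, BNR-PIT-1
"""

# "S* 0.0.0.0/0 [5/0] via 166.157.249.1, wan1" -> prefix, distance, device
ROUTE_RE = re.compile(
    r"^\S+\s+(?P<prefix>[\d.]+/\d+)\s+\[(?P<distance>\d+)/\d+\]"
    r"\s+via\s+\S+,\s+(?P<device>\S+)")

def parse_active(table):
    """Return {prefix: [(device, distance), ...]} for routes with a next hop."""
    routes = {}
    for line in table.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.setdefault(m["prefix"], []).append(
                (m["device"], int(m["distance"])))
    return routes

def installed(candidates):
    """candidates: [(device, distance, priority)]. Only the lowest distance is
    installed; among equal distances the lowest priority value is preferred."""
    best = min(d for _, d, _ in candidates)
    return sorted((c for c in candidates if c[1] == best), key=lambda c: c[2])

def default_leaves_via(table, expected_device):
    """True only if every active default route egresses expected_device."""
    defaults = parse_active(table).get("0.0.0.0/0", [])
    return bool(defaults) and all(dev == expected_device for dev, _ in defaults)

if __name__ == "__main__":
    wan_distance = parse_active(POSTED_TABLE)["0.0.0.0/0"][0][1]  # 5 on the page
    # Tunnel default at the distance of 10 named in the answer: wan1 is installed.
    print(installed([("wan1", wan_distance, 0), ("BNR-PIT-1", 10, 0)]))
    # Tunnel default lowered to 4 (constructed value below 5): tunnel is installed.
    print(installed([("wan1", wan_distance, 0), ("BNR-PIT-1", 4, 0)]))
    # Check to run after the change: does the default route use the tunnel?
    print(default_leaves_via(POSTED_TABLE, "BNR-PIT-1"))
```

Running `default_leaves_via` against fresh routing-table output after a configuration change confirms whether internet-bound traffic is actually being sent into the tunnel.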
