I have an FG 81F that has an IPsec tunnel that is active and capable of routing traffic. I can route traffic through the tunnel via static routes, but even though I have the default route pointed to the tunnel, in the routing table the default route shows up as leaving through the WAN.
Any suggestions?
RTBNRVPN01 (static) # show
config router static
edit 1
set device "BNR-PIT-1"
next
edit 2
set dst 164.52.235.0 255.255.255.224
set device "wan1"
set dynamic-gateway enable
next
edit 3
set dst 4.49.109.32 255.255.255.224
set device "wan1"
set dynamic-gateway enable
next
edit 4
set dst 10.0.0.0 255.0.0.0
set device "BNR-PIT-1"
next
Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 166.157.249.1, wan1
S 4.49.109.32/27 [10/0] via 166.157.249.1, wan1
S 10.0.0.0/8 [10/0] via 10.172.0.181, BNR-PIT-1
C 10.172.0.181/32 is directly connected, BNR-PIT-1
C 10.172.0.182/32 is directly connected, BNR-PIT-1
C 10.172.97.0/26 is directly connected, internal1
C 10.172.98.0/26 is directly connected, Security
C 10.172.98.64/26 is directly connected, Guest
C 10.172.98.192/27 is directly connected, Vend
C 10.172.98.224/27 is directly connected, Controls
S 164.52.235.0/27 [10/0] via 166.157.249.1, wan1
C 166.157.249.0/24 is directly connected, wan1
The Administrative Distance for the "wan1" static route is lower (5) than the default Administrative Distance of the IPsec VPN static route (10). Only routes with the same AD but same/different Priorities will be shown in the Active Routing Table. Most likely you are able to see this IPsec VPN static route if you have a look at the Database using the command 'get router info routing-table database'.
To fix this, simply lower the AD of the IPsec VPN static route in the configuration.
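The selection rule described in the answer, as an added example that is not part of the original thread: it parses static-route lines in the `[distance/metric]` format of the routing table quoted in the question, keeps only the lowest-distance candidates per prefix, and reports which interface the default route leaves through. The tunnel default line and the lowered distance of 4 are constructed values; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Static-route lines in the format of the routing table quoted in the question:
#   "S* 0.0.0.0/0 [5/0] via 166.157.249.1, wan1"   -> [distance/metric]
ROUTE_RE = re.compile(
    r"^S\*?\s+(?P<prefix>\S+)\s+\[(?P<distance>\d+)/(?P<metric>\d+)\]"
    r"\s+via\s+(?P<gateway>\S+),\s+(?P<device>\S+)$"
)

# Constructed candidate set. The wan1 default and the 10.0.0.0/8 route come
# from the question; the tunnel default is an assumed entry carrying the
# default distance of 10 named in the answer.
BEFORE = """\
S 0.0.0.0/0 [5/0] via 166.157.249.1, wan1
S 0.0.0.0/0 [10/0] via 10.172.0.181, BNR-PIT-1
S 10.0.0.0/8 [10/0] via 10.172.0.181, BNR-PIT-1
"""
# Same candidates after lowering the tunnel route's distance below 5
# (4 is an arbitrary constructed value).
AFTER = BEFORE.replace("0.0.0.0/0 [10/0]", "0.0.0.0/0 [4/0]")


def parse_static(text):
    """Parse static-route lines into dicts; non-matching lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            route = m.groupdict()
            route["distance"] = int(route["distance"])
            route["metric"] = int(route["metric"])
            routes.append(route)
    return routes


def active_routes(candidates):
    """Per prefix, keep only the candidates with the lowest distance."""
    by_prefix = defaultdict(list)
    for route in candidates:
        by_prefix[route["prefix"]].append(route)
    return {
        prefix: [r for r in rs if r["distance"] == min(x["distance"] for x in rs)]
        for prefix, rs in by_prefix.items()
    }


def default_egress(candidates):
    """Interfaces the active default route(s) leave through, sorted by name."""
    return sorted(r["device"] for r in active_routes(candidates).get("0.0.0.0/0", []))
```

With the constructed input, `default_egress(parse_static(BEFORE))` returns `['wan1']` and the same call on `AFTER` returns `['BNR-PIT-1']`, which is a quick way to confirm that traffic meant for the tunnel is not leaving through the WAN.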