Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NotMine
Contributor II

Created on ‎05-05-2016 04:07 PM

WAN Link Load Balancing + Dial-Up IPsec VPN = A Mess

Hello everyone, it's been a while since I've visited this place.

 

I have a strange problem (or a couple of them.....) and I hope someone will be able to help me understand what's causing them. I have 3 Internet connections on a FGT-500D. Two ADSL lines are joined in a WAN Link Load Balancing (LLB) interface. This WAN LLB interface is my default static route to the Internet. The third Internet connection has a static IP, and I'm trying to use it as an VPN endpoint for dial-up VPN clients. The first issue I'm facing is that I cannot add another default static route (with different priority) when a static default route is already entered via WAN LLB. I get an error message "A duplicate entry is found". Two or more static default routes are usually possible to be entered, when there's no WAN LLB.

 

I've tried correcting the problem with Policy Based Routing, but it's simply not working. Here's some IKE debug output (larger image:(

 

Any ideas?

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
Labels:
3988
0 Kudos
1 Solution
ede_pfau
SuperUser
SuperUser

Created on ‎05-06-2016 03:23 AM

Trying to be pragmatic: discard the WAN LLB and build 2 ECMP def.routes plus one with higher priority. Remember: "priority" = "cost".

(of course, no fun on a production FGT)

Ede Kernel panic: Aiee, killing interrupt handler!

View solution in original post

Ede Kernel panic: Aiee, killing interrupt handler!
1269
0 Kudos
2 REPLIES 2
ede_pfau
SuperUser
SuperUser

Created on ‎05-06-2016 03:23 AM

Trying to be pragmatic: discard the WAN LLB and build 2 ECMP def.routes plus one with higher priority. Remember: "priority" = "cost".

(of course, no fun on a production FGT)

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
1270
0 Kudos
NotMine
Contributor II
In response to ede_pfau

Created on ‎05-18-2016 02:44 PM

Thank you Ede,

 

I've done exactly that. I guess Wan Link Load Balancing is meant for simple point-and-click scenarios and should be avoided in larger environments.

 

Cheers!

Slavko

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
1226
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.