MisterAG
New Contributor

Advertise SSLVPN in OSPF

Hi there, I'm trying to advertise my SSLVPN network to a directly connected router. I have established the adjacency, but I am not seeing a route being advertised on the peer router.

SSLVPN client IP range: 172.16.254.100-200 (255.255.255.0)
Link to peer router: 172.16.1.8 (255.255.255.252)

Area 0 is configured with the networks of both interfaces (SSLRoot network and Internal network), and the Internal interface is set as an OSPF interface. I have tried redistributing connected routes into OSPF to no avail.

1) Could I redistribute static routes in successfully?
2) If I need to install static routes, could I selectively choose to redistribute only specific routes?
doshbass
New Contributor III

Yes, you must create and redistribute static routes for this. You can create distribute lists and access lists to restrict what you redistribute.
Still learning to type " the"
hanief
New Contributor

Hi dude,
I face this problem. I have followed your suggestion but it still doesn't work.
Here I attach my configuration:

hanief_0-1658746598175.png

hanief_1-1658746618554.png

But unfortunately this subnet isn't advertised on my neighbor router.

Toshi_Esumi
Esteemed Contributor III

Go to CLI, first check "show router ospf" to make sure the static route redistribution is enabled. Then "get router info routing-t static" to make sure those static routes you expect to be redistributed are actually active.

 

Toshi

hanief

hanief_1-1658774545519.png

Yeah, I think it was correct, right? Or am I missing something?

Toshi_Esumi
Esteemed Contributor III

Isn't 192.168.24.0/24 in the OSPF table? Check "get router info ospf route".
The default route wouldn't be advertised unless you configure "set default-information-originate enable", as explained in the KB:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-advertise-a-default-route-in-OSPF/t...

 

Toshi

Toshi_Esumi
Esteemed Contributor III

If the 192 route doesn't show up in "get router info ospf route" somehow, you probably need to open a ticket at TAC to get it looked into much deeper. Nothing should prohibit that route from going into the OSPF domain.

 

Toshi
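Added example (not posted by any participant in this thread and not Fortinet's own configuration): the approach discussed above, a static route for the SSL VPN pool redistributed into OSPF through a route-map so that only that prefix is advertised, followed by the checks named in the replies. The static route ID, the names `sslvpn-pool` and `static-to-ospf`, and `ssl.root` as the tunnel interface are assumptions; lines beginning with `#` are annotations, not commands.

```fortios
# Assumption: SSL VPN tunnel interface is ssl.root; route ID 10 is arbitrary.
config router static
    edit 10
        set dst 172.16.254.0 255.255.255.0
        set device "ssl.root"
    next
end

# Access list matching only the SSL VPN pool (name is hypothetical).
config router access-list
    edit "sslvpn-pool"
        config rule
            edit 1
                set prefix 172.16.254.0 255.255.255.0
                set exact-match enable
            next
        end
    next
end

# Route-map permitting only what the access list matches (name is hypothetical).
# Other static routes, including any default route, fall through and are not redistributed.
config router route-map
    edit "static-to-ospf"
        config rule
            edit 1
                set match-ip-address "sslvpn-pool"
            next
        end
    next
end

# Redistribute static routes into OSPF, filtered by the route-map.
config router ospf
    config redistribute "static"
        set status enable
        set routemap "static-to-ospf"
    end
end

# Verification, using the commands given in the replies above.
show router ospf
get router info routing-table static
get router info ospf route
```

Filtering redistribution to the one intended prefix keeps unrelated static routes from leaking into the OSPF domain if they are added to the firewall later.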
