IPSEC Tunnel Template BRANCH

kkl · ‎03-25-2023

I'm trying to set up a hub and spoke ipsec environment. However, I am currently getting the following error:

Starting log (Run on device)

Start installing
gen $ config router static
gen (static) $ edit 2
gen (2) $ set device "HUB1-VPN1"
gen (2) $ set comment "VPN: HUB1-VPN1 [Created by IPSEC Template]"
gen (2) $ set dstaddr "HUB1-VPN1_remote_subnet_1"
gen (2) $ next
gen (static) $ edit 3
gen (3) $ set distance 254
gen (3) $ set comment "VPN: HUB1-VPN1 [Created by IPSEC Template]"
gen (3) $ set blackhole enable
gen (3) $ set dstaddr "HUB1-VPN1_remote_subnet_1"
gen (3) $ next
The blackhole route conflicts with the gateway of SD-WAN member 1, gen (static) $ end

---> generating verification report
(vdom root: router static 3:vrf)
remote original: 0
to be installed:

<--- done generating verification report

------- Start to retry --------

gen $ config router static
gen (static) $ edit 3
gen (3) $ unset vrf
gen (3) $ next
The blackhole route conflicts with the gateway of SD-WAN member 1, gen (static) $ end

---> generating verification report
(vdom root: router static 3:vrf)
remote original: 0
to be installed:

<--- done generating verification report

install failed

The Fortimanager tries to delete vrf from the blackhole routing rule:

config router static
edit 3
unset vrf
next
end

does anyone have an idea how I can solve the problem without setting routing to manual?

regards,
Kevin

Anthony_E · ‎03-27-2023

Hello Kevin,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎03-28-2023

Hello Kevin,

Did you try to have a look in our documentation:

https://docs.fortinet.com/document/fortimanager/7.2.2/administration-guide/227089/ipsec-tunnel-templ...

Regards,

Anthony-Fortinet Community Team.

IPSEC Tunnel Template BRANCH

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website