Showing results for 
Search instead for 
Did you mean: 

Routing L3 traffic to L2

Eric Tan

hi all,

I intend to implement a Fortigate 300D firewall to my current network. After connecting all physically, the link from ASR to Fortigate can ping.

Taken that there is no policy in the firewall, everything is allowed. The traffic from server cannot route out of the ASR.

I have no idea how to route the traffic from L3 to L2.

Appreciate any advice. Have attached the network diagram and ASR config.


Mohammad Alhyari
Cisco Employee
Cisco Employee

As per your diagram the following routes should be there:

1- servers GW is the firewall

2- Firewall should have a default route pointing to the facing ASR interface.

3- The ASR should have a static route for the servers ip addresses pointing to the Firewall facing interface.



As Mohammad mentioned, verify the static routes on the Fortinet, I remember they are on the Route Section. 

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

hi all, the Fortigate is actually managed by my 3rd party developer. They just want to tap on to our infra. I belive they will config as they have use the same firewall in other deployments.

For ASR part, i have added this route - ip route

But still don't seem to work.

Im suspecting the routing have to do in the BGP portion ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: