cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1213
Views
0
Helpful
3
Replies
Carl Williams
Beginner

BGP OVER IPSEC (BGP UP) Can't ping remote subnet

Hi All

I have an issue whereby I'm trying to configure BGP over IPSEC. I'm able to bring up BGP over the IPSEC tunnel without any issues, however i'm unable to ping the remote subnet. Can't understand why, however when i use a static route to point traffic through the tunnel i'm able to ping the remote subnet. I would expect BGP to take care of the source and destination routing, I need this feature to be dynamic.

I know this would probably work with GRE tunnels but why does'nt it work without?

Any Ideas

3 REPLIES 3
mvsheik123
Rising star

Hi,

Are you advertising both end subnets via BGP (network statements). Do you see the routes being learned via BGP?

Post configs, if possible.

Thx

MS

Hi

We're advertising both end's within BGP. The basic set up is we have, a fortinet firewall with a tunnel terminating on an ASA with another fortinet behind the ASA. BGP is running between both fortinet's. and the IPSEC tunnels terminate on the ASA's.

Traffic from the fortinet does'nt route through the tunnel unless I put a static route in to point traffic down the tunnel. BGP should be taking care of this function.

regards

Carl Williams

Hi Carl,

If Iam correct, your set up:  Fortinet --> ASA <--Tunnel--> ASA--> Fortinet. BGP between 2 Fortinets. Is it EBGP/IBGP? Where you need to add static route? Is there any other routing protocol thru which your systems learning same network with lower admin distance? That may be one reason you need to add static route.

Thx

MS