# config router bgp
    set as 65101
    set router-id 1.1.1.1
    # config neighbor
        edit "10.20.16.1"
            set soft-reconfiguration enable
            set remote-as 65102
            set update-source "Loopback_bgp"
        next
    end
    # config network
        edit 1
            set prefix 172.17.8.0 255.255.255.0
        next
    end
end

Loopback Interface configuration.
# config system interface
    edit "Loopback_bgp"
        set vdom "root"
        set ip 10.20.16.2 255.255.255.255
        set allowaccess ping
        set type loopback
        set role lan
        set snmp-index 15
    next
end

Tunnel Interface configuration.
# config system interface
    edit "VPN-BGP"
        set vdom "root"
        set ip 10.20.16.4 255.255.255.255
        set allowaccess ping https http
        set type tunnel
        set remote-ip 10.20.16.1 255.255.255.255
        set role lan
        set snmp-index 4
        set interface "wan1"
    next
end

Running debugs.
FGT # diagnose ip router bgp level info
FGT # diagnose ip router bgp all enable
FGT # diagnose debug enable

In the debugs, the route is shown as denied, so it is not installed in the routing table.
BGP: 10.20.16.1-Outgoing [RIB] Update: Prefix 172.17.8.0/24 path_id 0 denied due to non-connected next-hop

Solution.
Since the update source is configured as a loopback, FortiGate considers the interface not directly connected, so it is necessary to add the command 'set ebgp-enforce-multihop enable' to the neighbor.

# config router bgp
    # config neighbor
        edit "10.20.16.1"
            set soft-reconfiguration enable
            set remote-as 65102
            set update-source "Loopback_bgp"
            set ebgp-enforce-multihop enable
        next
    end
end
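
One way to catch this condition in a configuration backup before it appears in the debugs, as an added example that is not Fortinet's code: the script flags eBGP neighbors whose update-source is a loopback interface and that lack 'set ebgp-enforce-multihop enable'. The function names are hypothetical, SAMPLE is constructed from the pre-fix values on this page, and the parser assumes only the config/edit/set/next/end nesting shown above.

```python
import shlex

# Constructed sample: this page's pre-fix loopback and BGP settings in one text.
SAMPLE = '''
config system interface
    edit "Loopback_bgp"
        set ip 10.20.16.2 255.255.255.255
        set type loopback
    next
end
config router bgp
    set as 65101
    config neighbor
        edit "10.20.16.1"
            set remote-as 65102
            set update-source "Loopback_bgp"
        next
    end
end
'''

def parse(text):
    """Parse nested config/edit/set blocks into dicts (leading '# ' prompts ignored)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        tok = shlex.split(raw.lstrip("# "))
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set" and len(tok) >= 2:
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root

def find_denied_neighbors(cfg):
    """Return eBGP peers sourced from a loopback without ebgp-enforce-multihop."""
    ifaces = cfg.get("system interface", {})
    bgp = cfg.get("router bgp", {})
    hits = []
    for peer, n in bgp.get("neighbor", {}).items():
        src = ifaces.get(n.get("update-source", ""), {})
        ebgp = n.get("remote-as") != bgp.get("as")  # different AS means eBGP
        if (ebgp and src.get("type") == "loopback"
                and n.get("ebgp-enforce-multihop") != "enable"):
            hits.append(peer)
    return hits
```

Calling find_denied_neighbors(parse(SAMPLE)) returns the neighbor from this page; once the multihop line is present in the neighbor block, the list is empty.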
Copyright 2024 Fortinet, Inc. All Rights Reserved.