[Fortigate] Hub-and-spoke ADVPN using IPsec VPN wizard/Dynamically add spokes using autoconfig key

  • Published 8 Sep 2024
  • How to configure Hub-and-spoke ADVPN using IPsec VPN wizard
    Auto-discovery Hub and spoke VPN with BGP as routing protocol
    Add multiple spokes using the autoconfiguration key
    Reference Topology: techtalksecuri...
  • Science & Technology

COMMENTS • 17

  • @LostWorldOfComputerAndSoftware 8 months ago +1

    Nice! This really helped me understand ADVPN. I love how you showed every step and that you didn't edit away mistakes, that way we also learned how to troubleshoot. Thanks man!

  • @kelumidu4116 1 year ago +4

    Thank you, sir. Please do another one on ADVPN with SD-WAN as well.

  • @shahbazsandhu1031 1 year ago

    Very nice and informative.
    Also, what do I need to check if I'm unable to ping the HUB from the spokes in my scenario, but the spokes are able to ping each other? Also, my setup is slightly different as I'm using 2 WAN connections: Primary and Failover.

  • @mirzadzafic8999 10 months ago +1

    Thank you for the video. This solution is similar to Cisco DMVPN, but from this video I see that communication between spokes goes through the hub; in DMVPN, spokes dynamically establish a tunnel with the help of the NHRP protocol and communicate directly, which is a benefit. Is this possible in this Fortigate ADVPN? Also, I am interested to see the steps for creating this ADVPN manually, not through the wizard, for better understanding.

    • @sumitnick4 10 months ago +1

      Yes. The hub-and-spoke motive is to connect all spokes to the hub dynamically and administer the traffic through the hub. Many vendors have tweaked the protocol to allow spoke-to-spoke communication as well, like ADVPC in Juniper or Cisco.

    • @mirzadzafic8999 10 months ago

      @sumitnick4 Thanks for the answer. I wonder, is it possible to configure Fortigate ADVPN manually through the GUI? I found that if we don't use the IPsec hub-and-spoke template and want to configure ADVPN, it is possible only through the CLI?

    • @sumitnick4 10 months ago

      @mirzadzafic8999 It is.

  • @brutalali32 1 year ago

    Very informative. In real time, does it require a public IP on both the hub and spoke sites, or is only the hub site enough?

    • @sumitnick4 1 year ago

      Public IP on the hub and NAT-T enabled will also work.

  • @user-nv9dz9tv9v 8 months ago

    In my similar topology in an EVE-NG home setup, spoke-to-spoke communication is not dynamically pinging, while the spokes can talk to the hub bidirectionally. I am figuring out why the spokes are not pinging?

    • @sumitnick4 8 months ago

      Take a debug to check what is causing the ping to fail.

  • @riyazshaikh6373 1 year ago

    Nice! Thanks for the video. I believe you are using private IP address 192.168 as you are within the premises. This will be the same if we use the public IP address. Please comment.

  • @bonip5278 1 year ago

    If I want to deny the traffic between spokes by default, how do I do that?

    • @bonip5278 1 year ago

      The spoke can only communicate with the HUB.

    • @sumitnick4 1 year ago

      You can tune the policy to allow or deny the source or destination