Hey Devin, First I want to say how much I enjoy your videos. They have been very helpful. I was not sure if you have seen in FortiOS 6.2.2 that there is now a Wizard to create the Hub and Spoke ADVPN using BGP! I actually went thru it in my lab and it worked. The only issue was it did not create a policy on the Hub allowing LAN traffic to each of the spoke. This is in the latest Cookbook for 6.2.2. Just wanted to share in case you have not seen it yet.
Nice setup Devin. I am working on the ADVPN having 2 Hubs on the same device. One ADVPN for sites with MPLS and the other on regular internet. The challenge i am currently facing is getting the sites on separate ADVPN talking to each over. I am running iBGP for this as well
Hey bud, nice to hear from you again. I'm nowhere near my lab environment but I would check the logs on the individual devices to see why they are not talking and go from there. That would be my next step.
Hi Devin, Is there any possibility to configure the Hub & Spoke for DC and DR method. Incase of the DC got failed, DR will take traffic failover from and to the spoke networks. Even theugh the VXLAN will get passed by the both network to identify the local network reachability.
Hello Devin, great video, we are already doing advpn not sure if it is set up correctly, wanted to see if you have any videos with multiple hubs advpn with sdwan videos?
Why would the Shortcuts Fail all the time? I constantly get id=20085 trace_id=10318 func=ipsecdev_hard_start_xmit line=692 msg="enter IPsec interface-advpn_1" id=20085 trace_id=10318 func=ipsec_common_output4 line=806 msg="SA is not ready yet, drop" It works at first, then stops working, then starts working, then stops again. I am starting to think Fortinets ADVPN is trash.
I'm testing with 2 physical devices and running into an issue where HUB1's advpn tunnel interface is responding on the proposals for the inter HUB VPN. I'm kind of lost :(
I suggest downloading the KB documentation and don't forget if you have a support contract, you can call the TAC for help. Sorry youre having issues but it can be confusing to configure for sure! Also, someone mentioned a wizard in 6.2.2. Haven't tried it myself but it sounds promising.
Mr Devin When i made any configurations on my devices.in GNS3 i can’t get it . When i created new project lab What is the solutions for that issue Thanks in advance
Every thing is worked But the main problem for example if i installed any application or saved any data in windows like google chrome When i create new project in gns3 i won’t get that it will started from the beginning
Okay I got you. Unfortunately that is actually how it works. It's the fact that it's using trial VMs, you want to make sure that you get a fresh install to reset that trial timer every time you drop a machine. I usually use a website like ninite.com to quickly install the applications I need. In the cases where I have open source software that doesn't expire license wise, such as the Linux routers created for these labs, there is an option on the appliance template that says something like make this the base machine image. If you uncheck that option, load a VM in gns3, add whatever software you want and make whatever changes you like, power down the VM, and then go back to the template and check the option back on. You will now have a base image with the software installed and the device configured the way that you wanted to. I can't remember off the top of my head but I believe there are videos in my gns3 playlist about this somewhere. Someday down the road I am going to re-record my creating a lab from scratch videos now that gns3 2.2 is out. I hope that helps and that's not too confusing!
Old but gold. It's time to make these videos on 7.0 and 7.2....
Hey Devin,
First I want to say how much I enjoy your videos. They have been very helpful.
I was not sure if you have seen in FortiOS 6.2.2 that there is now a Wizard to create the Hub and Spoke ADVPN using BGP! I actually went thru it in my lab and it worked. The only issue was it did not create a policy on the Hub allowing LAN traffic to each of the spoke. This is in the latest Cookbook for 6.2.2.
Just wanted to share in case you have not seen it yet.
Thanks for the heads up! I knew the feature was supported but I had no idea there was a wizard!!!!I'll have to check it out!
Nice setup Devin. I am working on the ADVPN having 2 Hubs on the same device. One ADVPN for sites with MPLS and the other on regular internet. The challenge i am currently facing is getting the sites on separate ADVPN talking to each over. I am running iBGP for this as well
Hey bud, nice to hear from you again. I'm nowhere near my lab environment but I would check the logs on the individual devices to see why they are not talking and go from there. That would be my next step.
Hi Devin,
Is there any possibility to configure the Hub & Spoke for DC and DR method. Incase of the DC got failed, DR will take traffic failover from and to the spoke networks. Even theugh the VXLAN will get passed by the both network to identify the local network reachability.
Hello Devin, great video, we are already doing advpn not sure if it is set up correctly, wanted to see if you have any videos with multiple hubs advpn with sdwan videos?
Devin Adams, i have configured BGP failover in the same equipment with SD-WAN
Hello Miguel, can you share with me how you do your config??
thanks
Excellent - thank you for this.
Why would the Shortcuts Fail all the time? I constantly get
id=20085 trace_id=10318 func=ipsecdev_hard_start_xmit line=692 msg="enter IPsec interface-advpn_1"
id=20085 trace_id=10318 func=ipsec_common_output4 line=806 msg="SA is not ready yet, drop"
It works at first, then stops working, then starts working, then stops again.
I am starting to think Fortinets ADVPN is trash.
Do we must configure advpn from cli?
I'm testing with 2 physical devices and running into an issue where HUB1's advpn tunnel interface is responding on the proposals for the inter HUB VPN. I'm kind of lost :(
I suggest downloading the KB documentation and don't forget if you have a support contract, you can call the TAC for help. Sorry youre having issues but it can be confusing to configure for sure!
Also, someone mentioned a wizard in 6.2.2. Haven't tried it myself but it sounds promising.
Devin Adams I found your video after I found the KB. I just dont get why my P1 for advpn is responding on proposals from the HUB P1. Aaarg
Mr Devin
When i made any configurations on my devices.in GNS3 i can’t get it . When i created new project lab
What is the solutions for that issue
Thanks in advance
I would love to help. What specifically isn't working?
Every thing is worked
But the main problem for example if i installed any application or saved any data in windows like google chrome
When i create new project in gns3 i won’t get that it will started from the beginning
Okay I got you. Unfortunately that is actually how it works. It's the fact that it's using trial VMs, you want to make sure that you get a fresh install to reset that trial timer every time you drop a machine. I usually use a website like ninite.com to quickly install the applications I need.
In the cases where I have open source software that doesn't expire license wise, such as the Linux routers created for these labs, there is an option on the appliance template that says something like make this the base machine image. If you uncheck that option, load a VM in gns3, add whatever software you want and make whatever changes you like, power down the VM, and then go back to the template and check the option back on. You will now have a base image with the software installed and the device configured the way that you wanted to.
I can't remember off the top of my head but I believe there are videos in my gns3 playlist about this somewhere. Someday down the road I am going to re-record my creating a lab from scratch videos now that gns3 2.2 is out.
I hope that helps and that's not too confusing!
Thanks a alot Mr Devin
I am waiting for that videos 2.2 version
great congrats