jolato
New Member
April 11, 2016
Question

Don't allow traffic between VPN

  • April 11, 2016
  • 2 replies
  • 4881 views

Hi!

I checked the policies, static routes and VPN configuration on both sides and I don't find the error.

Can someone tell me what the problem is?

- the policies are: two per side, host a ----> host b and host b ------> host a

- the static route is: the internal net to the VPN, with priority 0.

- and the VPN is added to the specific interface

    2 replies

    Somashekara_Hanumant
    Staff & Editor
    April 11, 2016

    Hi,

    From the given information, I could understand you are not able to reach VPN resources on the other side.

    To further assist you, kindly provide the below command output:

    diag vpn tunnel list

    get router info routing-table all

    get router info routing-table database

    Cheers

    Somu


    jolato
    Author
    New Member
    April 11, 2016

    Hi Karishma

    The command:

    diag vpn tunnel list
    name=xxxxx ver=1 serial=2 x.x.x.x:0->x.x.x.x:0 lgwy=static tun=intf mode=auto bound_if=5
    proxyid_num=1 child_num=0 refcnt=5 ilast=119 olast=119
    stat: rxp=0 txp=0 rxb=0 txb=0
    dpd: mode=off on=0 idle=5000ms retry=3 count=0 seqno=23
    natt: mode=none draft=0 interval=0 remote_port=0
    proxyid=VPN-F2 proto=0 sa=1 ref=2 auto_negotiate=1 serial=3 
      src: 0: x.x.x.x/255.255.255.0:0
      dst: 0:x.x.x.x/255.255.255.0:0
      SA: ref=3 options=0000002e type=00 soft=0 mtu=1412 expire=28652 replaywin=2048 seqno=1
      life: type=01 bytes=0/0 timeout=28772/28800
      dec: spi=7a38b0ce esp=aes key=16 51652248a51f8e06eb60a98dd757ddc2
           ah=sha1 key=20 8ae0cbc6d2f9434b7d716569b8caf4651c39504f
      enc: spi=37258492 esp=aes key=16 1bff328c510539cd00a37d7877e56905
           ah=sha1 key=20 fb92d4f2df3c0da6b8e2dd6dd598f7560eafe83d
      dec:pkts/bytes=0/0, enc:pkts/bytes=0/0

    I don't see the error...
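As an added example (not from the thread or from Fortinet), here is a small Python parser for the `diag vpn tunnel list` entry quoted above: it reads the phase-2 SA state and the per-SA packet counters and maps them to the next thing to check, and on this output it reports that the SA is negotiated (sa=1) but enc/dec are 0/0, i.e. nothing is entering the tunnel on this side, which points at the policy, static route or selectors rather than at IKE. The sample is the poster's output re-typed with the key-material and dpd/natt lines left out, and the classification tags are my own labels, not FortiOS logic.

```python
import re

# Constructed sample: the tunnel entry quoted in the post above, with the
# poster's masked addresses kept and the SA key material / dpd / natt lines left out.
SAMPLE = """\
name=xxxxx ver=1 serial=2 x.x.x.x:0->x.x.x.x:0 lgwy=static tun=intf mode=auto bound_if=5
proxyid_num=1 child_num=0 refcnt=5 ilast=119 olast=119
stat: rxp=0 txp=0 rxb=0 txb=0
proxyid=VPN-F2 proto=0 sa=1 ref=2 auto_negotiate=1 serial=3
  src: 0: x.x.x.x/255.255.255.0:0
  dst: 0:x.x.x.x/255.255.255.0:0
  SA: ref=3 options=0000002e type=00 soft=0 mtu=1412 expire=28652 replaywin=2048 seqno=1
  life: type=01 bytes=0/0 timeout=28772/28800
  dec:pkts/bytes=0/0, enc:pkts/bytes=0/0
"""

KV = re.compile(r"(\w+)=([^\s,]+)")                     # generic key=value pairs
SEL = re.compile(r"^(src|dst):\s*\d+:\s*(\S+)")         # phase-2 selectors
PKTS = re.compile(r"(dec|enc):pkts/bytes=(\d+)/(\d+)")  # per-SA packet/byte counters

def parse_tunnel(text):
    """Pull name, SA state, selectors and counters out of one tunnel entry."""
    info = {"name": None, "sa": 0, "stat": {}, "selectors": {}, "pkts": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("name="):
            info["name"] = dict(KV.findall(line))["name"]
        elif line.startswith("stat:"):
            info["stat"] = {k: int(v) for k, v in KV.findall(line)}
        elif line.startswith("proxyid="):
            info["sa"] = int(dict(KV.findall(line)).get("sa", 0))
        elif (m := SEL.match(line)):
            info["selectors"][m.group(1)] = m.group(2)
        elif PKTS.search(line):
            for direction, pkts, nbytes in PKTS.findall(line):
                info["pkts"][direction] = (int(pkts), int(nbytes))
    return info

def diagnose(info):
    """Map the parsed state to the next thing to check (heuristic labels of my own)."""
    if info["sa"] == 0:
        return "phase2-down"       # no SA negotiated: check IKE/phase-2 proposals and logs
    sent = info["pkts"].get("enc", (0, 0))[0]
    recv = info["pkts"].get("dec", (0, 0))[0]
    if sent == 0 and recv == 0:
        return "sa-up-no-traffic"  # nothing enters the tunnel: policy, route or selector mismatch
    if recv == 0:
        return "one-way"           # we encrypt but nothing comes back: look at the remote side
    return "passing"
```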

    jolato
    Author
    New Member
    April 12, 2016

    Hi.

    The problem is missing.

    The solution is downgrading the version of the ASA.

    Thanks and regards