sheila
New Member
April 19, 2019
Question

forti 60D-vpn tunnel up but can't ping the remote site through the cli

Hi All,

I have a Forti 60D and have set up an IPsec VPN with another brand of firewall.

The VPN status shown on the Forti monitor page is up.

And the client under the Forti can ping the remote site LAN.

But I find something strange: I can't ping the remote site through the Forti CLI.

I don't know where my IPsec VPN config is wrong.

Thank you

Sheila

    Toshi_Esumi
    SuperUser
    April 19, 2019

    A couple of things to verify:

    1. Do you have an IP on the phase1-interface (config sys int)? Pinging from the FGT through the tunnel picks up that IP as the source.

    2. Did you include the interface IP <-> the destination you're pinging in the phase2 selectors on both sides? If you're using the default 0/0<->0/0, that should be fine.

    3. Does the destination have a route back to your source IP (the interface IP in No.1) toward the tunnel on the other end? Otherwise return packets would follow the default route on the remote side.

    In other words, nothing is strange.

    rwpatterson
    New Member
    April 19, 2019

    Also, using the PING options, select the source IP interface.

    sheila
    Author
    New Member
    April 24, 2019

    Hi All,

    Thank you for your help.

    I solved my issue: I have to supply the source IP when doing the ping.

    Sheila
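
Added example, not part of the thread: the checks from the replies and the source-IP fix, written as a FortiOS CLI session. The tunnel name `to-remote`, the LAN address 192.168.1.99 and the remote host 10.20.0.10 are constructed placeholders; substitute your own values.

```fortios
# Constructed values (assumptions, not from the thread):
#   to-remote     = phase1-interface (tunnel) name
#   192.168.1.99  = FortiGate LAN interface IP, inside the local phase2 selector
#   10.20.0.10    = host on the remote site LAN

# Check 1: does the tunnel interface have an IP of its own?
# With none set, a ping from the CLI does not leave with the LAN address.
show system interface to-remote

# Check 2: which phase2 selectors are actually negotiated?
# The source address used for the ping must fall inside the local selector.
diagnose vpn tunnel list name to-remote

# The fix from the thread: force the ping to use a source address that is
# already covered by the selectors and routed back by the remote side.
execute ping-options source 192.168.1.99
execute ping-options view-settings
execute ping 10.20.0.10

# Check 3, from a second CLI session: watch the tunnel interface while pinging.
# Requests leaving with no replies returning points at the remote side's
# route back to the source address.
diagnose sniffer packet to-remote 'icmp and host 10.20.0.10' 4

# Return to automatic source selection when finished.
execute ping-options source auto
```

The ping-options setting applies to the current CLI session, so it has to be set again in a new session before testing from the CLI.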