FWF60D dial-up VPN to FGT100D

Forum|Forum|10 years ago
January 21, 2016
1 reply
3285 views

Hi

I have a FWF-60D (192.168.8.0/24) connecting via VPN to a FGT-100D (10.1.7.0/24). The link gets established, I have created policies in both firewalls in and out. The FGT-100D doesn't allow me to create a static route due to it being a dial-up. I have created the static route in the FWF-60D.

I can access the 10.1.7.0/24 from 192.168.8.0/24 not the other way around. When using execute ping-options source 10.1.7.1 (FGT-100D Interface) I can ping 192.168.8.200 (FWF-60D Interface). All other addresses in the subnet break out on the WAN interface and not the VPN, when doing a traceroute.

I have made sure the protocol-number is 0 in, config firewall service custom, in both firewalls. Both firewalls run 5.2.4.

Any advise would be great!!!

Cheers

ede_pfau

SuperUser

hi,

chances are high that the 10-FGT has created a /32 route. Check that in System>Routing>Routing Monitor. Should display as "192.168.8.200/32".

There's an easy cure: create a real site-to-site VPN, not a dial-up. Each type has it's advantages and disadvantages, and the dial-in type has the drawback that routing in the other direction is clumsy.

VonGabrielAuthor

New Member

Hi

Site-to-Site would be ideal, the problem is that the FWF-60D uses LTE which has a dynamic WAN IP, also no way to use a dynamic DNS.

I don't seem to be able to view System>Routing>Routing Monitor.

Cheers

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded