IPsec tunnel (LAN to LAN) between FG and Draytek

Forum|Forum|7 years ago
October 17, 2018
2 replies
7037 views

Hi, I have a problem with the connection of these two devices (Fortigate 100D and Draytek 2920). I present screenshots from the configuration below. FG:

Draytek:

I have access from the drytek site to FG, but not from FG to drytek.

I have two polices:

I have no idea why this is happening. Thank you in advance for your help.

itsupport11

New Member

did you find a solution to this???

hbac

Staff

Hi @turbose,

If the tunnel is not coming up, you can run the following debugs to see what is wrong.

di deb res
diagnose vpn ike log-filter dst-addr4 95.51.57.194
di deb app ike -1
di deb en

Regards,

Sokratis

New Member

thanks, the tunnel is up, we can ping from remote site to FG but we cannot ping Draytek from FG site.. strange, Policies are ok, traffic goes through the tunnel (checked packet capture on tunnel)

hbac

Staff

@Sokratis,

In that case, you can run the following debug flow to see if it is being dropped. Assuming you are trying to ping 192.168.100.1.

di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter proto 1
di deb flow filter addr 192.168.100.1
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 500
diagnose debug enable

Regards,

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded