Site to Site VPN FG60D and Mikrotik

Forum|Forum|9 years ago
November 2, 2016
2 replies
9771 views

I am in this situation. I created IPsec SiteToSite VPN with FG60D v.5.2.9 and MikroTik Router. Tunnel is UP and hosts in routed subnet(FG 192.168.1.0/24 MikroTik 192.168.2.0/24) are reachable. Traffic is on. There is only one trouble. From FG60D (192.168.1.1) I am not able ping anything in MikroTik subnet. But from PC (192.168.1.2) in FG's lan ping works. From MikroTik Site all works perfectly. Only from Fortigate ping not response. What is default IP for traffic generated from fortigate(source IP) ?

Best answer by Toshi_Esumi

try "execute ping-option source 192.168.1.1".

Somashekara_Hanumant

Staff & Editor

Hi,

When you try to generate the traffic from 192.168.1.1 IP address, collect the packets from the below commands

Session1:

diag debug reset diag debug enable diagnose debug flow filter saddr 192.168.1.1 diagnose debug flow filter daddr x.x.x.x diag debug flow show console enable diag debug flow show function-name enable diag debug flow trace start 200

Session2:

diag sniff packet any 'host 192.168.1.1 and host x.x.x.x' 4 0 a

Where x.x.x.x is a destination IP address on Mikrotik side.

After initiating the above commands on the ssh session then try to generate the traffic from 192.168.1.1

Cheers

Somu

Toshi_EsumiAnswer

SuperUser

try "execute ping-option source 192.168.1.1".

JakubPAuthor

New Member

Thank's to both of you,

Toshi 100% right answer.

Fortigate unit use IP address of IPsec VPN interface for ping and MikroTik drop it.

By debugging thanks to Somashekara I found it

Thanx to both

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded