Orjuela
New Member
January 8, 2025
Question

Some PCS connect to the Site to Site VPN, others do not.

  • January 8, 2025
  • 2 replies
  • 1194 views

Hello, I have configured a site-to-site VPN on a 40F with version v7.2.10 build1706 (Mature), which is listed above. The problem is that some computers can connect and others cannot connect from the same site. This was validated with the server administrator, who indicates that there are no restrictions on connected users. In the policy, the source (LAN) is an IP configured with a /24 mask; there are no restrictive configurations in the policy.

I appreciate your help.

2 replies

dingjerry_FTNT
Staff
January 8, 2025

Hi @Orjuela ,

Use one of the non-working PCs as a tester for troubleshooting (I assume that you have FGTs for both VPN peers):

1) Run the diag sniffer packet command on both peers with the test PC's IP as the filter to see whether the traffic passes through the VPN tunnel or not (let's use ping for testing, if you allow ping);

diag sniffer packet any 'host x.x.x.x and icmp' 4   //  x.x.x.x is the IP of the test PC

2) Based on the output of the sniffer command, run the debug flow commands on one peer to check why the traffic is not working.

diag debug flow show iprope enable

diag debug flow filter addr x.x.x.x

diag debug flow filter proto 1

diag debug flow trace start 20

diag debug enable

Then run Ping on the test PC.

Once done, to stop the debug, run:

diag debug reset

diag debug disable

diag debug flow filter clear

Note: Do not run a continuous ping.
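As an added example, not part of dingjerry_FTNT's reply: a small Python helper that triages the `diag debug flow` trace captured while the test PC pings across the tunnel. It reports, per trace_id, whether the FortiGate received the packet, which interface the route lookup picked, which policy matched or denied it, and whether it entered the IPsec interface. It assumes the usual FortiOS msg= wording ("received a packet", "find a route ... via <interface>", "Allowed by Policy-N", "Denied by forward policy check (policy N)", "enter IPsec interface-<name>"); the trace lines, the addresses and the tunnel interface name ToHQ are constructed for illustration, and the regexes should be adjusted if your firmware's wording differs.

```python
"""Triage helper for FortiGate `diag debug flow` output.

Added example, not from the thread.  The message wording below is the usual
FortiOS text; adapt the regexes if your build differs.  SAMPLE_TRACE is a
constructed capture, not real output.
"""
import re
from collections import defaultdict

# Constructed sample: one ping from a working PC (192.168.10.50) and one from a
# non-working PC (192.168.10.77), both towards 10.20.0.10 at the remote site.
SAMPLE_TRACE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=1, 192.168.10.50:1->10.20.0.10:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5794 msg="allocate a new session-00012345"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-10.20.0.10 via ToHQ"
id=20085 trace_id=1 func=fw_forward_handler line=781 msg="Allowed by Policy-5: encrypt"
id=20085 trace_id=1 func=ipsecdev_hard_start_xmit line=679 msg="enter IPsec interface-ToHQ"
id=20085 trace_id=2 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=1, 192.168.10.77:1->10.20.0.10:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=2 func=init_ip_session_common line=5794 msg="allocate a new session-00012346"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-10.20.0.10 via ToHQ"
id=20085 trace_id=2 func=fw_forward_handler line=781 msg="Denied by forward policy check (policy 0)"
"""

MSG_RE = re.compile(r'trace_id=(?P<tid>\d+).*?msg="(?P<msg>[^"]*)"')
RECV_RE = re.compile(r'received a packet\(proto=(\d+), (\S+):\d+->(\S+):\d+\) from (\S+)\.')
ROUTE_RE = re.compile(r'find a route: .*? via (\S+)')
ALLOW_RE = re.compile(r'Allowed by Policy-(\d+)')
DENY_RE = re.compile(r'Denied by forward policy check \(policy (\d+)\)')
IPSEC_RE = re.compile(r'enter IPsec interface-(\S+)')


def parse_flow(text):
    """Group the trace lines by trace_id and pull out the facts we care about."""
    traces = defaultdict(dict)
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue
        t = traces[int(m.group("tid"))]
        msg = m.group("msg")
        if (r := RECV_RE.search(msg)):
            t.update(proto=int(r.group(1)), src=r.group(2), dst=r.group(3), in_if=r.group(4))
        elif (r := ROUTE_RE.search(msg)):
            t["route_if"] = r.group(1)          # interface the route lookup chose
        elif (r := ALLOW_RE.search(msg)):
            t["policy"] = int(r.group(1))
        elif (r := DENY_RE.search(msg)):
            t["denied_policy"] = int(r.group(1))  # policy 0 = implicit deny
        elif (r := IPSEC_RE.search(msg)):
            t["ipsec_if"] = r.group(1)
    return dict(traces)


def verdict(trace, tunnel_if):
    """Explain one traced packet relative to the expected IPsec interface."""
    if "src" not in trace:
        return "not received"   # packet never reached the FortiGate: look at the host
    if "denied_policy" in trace:
        return f"denied by policy {trace['denied_policy']}"
    if trace.get("route_if") != tunnel_if:
        return f"routed via {trace.get('route_if')} instead of {tunnel_if}"
    if "ipsec_if" not in trace:
        return "allowed but did not enter IPsec"
    return f"entered {trace['ipsec_if']} via policy {trace.get('policy')}"


def triage(text, tunnel_if):
    """Map each trace_id in the capture to a one-line verdict."""
    return {tid: verdict(t, tunnel_if) for tid, t in sorted(parse_flow(text).items())}


if __name__ == "__main__":
    for tid, v in triage(SAMPLE_TRACE, "ToHQ").items():
        print(f"trace {tid}: {v}")
```

Paste the trace produced by the filter commands above into SAMPLE_TRACE's place (or read it from a file). If a PC's ping never shows up at all, the sniffer on the near-side peer should also be empty for that host, which points at the host's own routing rather than the FortiGate.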

AEK
SuperUser
January 8, 2025

Hello Orjuela

One possible reason: check whether the hosts that can't reach the VPN have entries in their routing table that prevent them from sending the packets through their default gateway. For example, this can happen if they have virtualization software installed that uses the same subnets as the remote ones.

AEK
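As an added example, not part of AEK's reply: a Python check for the host-side cause described above. It performs a longest-prefix-match lookup over a PC's routing table and lists any local route that overlaps the remote VPN subnet without going via the default gateway, which is exactly what a hypervisor's virtual adapter does when it claims the same subnet. The routing table, subnets and interface names are constructed; on a real host, fill ROUTES from `ip route` (Linux), `route print` (Windows) or `netstat -rn` (macOS).

```python
"""Find local routes that shadow the remote VPN subnet on a PC.

Added example, not from the thread.  ROUTES is a constructed routing table of
a non-working PC: its LAN is 192.168.10.0/24, the remote site behind the VPN is
10.20.0.0/24, and a hypervisor adapter (vboxnet0) has also taken 10.20.0.0/24,
so longest-prefix match sends that traffic to the adapter, never to the gateway.
"""
import ipaddress

# (destination, gateway, interface); gateway None means on-link / directly
# connected (shown as "On-link" by Windows `route print`).
ROUTES = [
    ("0.0.0.0/0", "192.168.10.1", "eth0"),
    ("192.168.10.0/24", None, "eth0"),
    ("10.20.0.0/24", None, "vboxnet0"),
    ("172.17.0.0/16", None, "docker0"),
]


def lookup(dest, routes):
    """Longest-prefix-match lookup: the route the host will actually use."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def shadowed_by_local_route(remote_subnet, routes):
    """Return local routes that overlap the remote VPN subnet and do not point
    at the default gateway; packets for those addresses never reach the
    FortiGate, so no sniffer or debug flow output will show them."""
    remote = ipaddress.ip_network(remote_subnet)
    default_gw = next(
        (gw for p, gw, _ in routes if ipaddress.ip_network(p).prefixlen == 0), None
    )
    hits = []
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0:
            continue
        if net.overlaps(remote) and gw != default_gw:
            hits.append((prefix, gw, iface))
    return hits


if __name__ == "__main__":
    print("10.20.0.10 goes via", lookup("10.20.0.10", ROUTES))
    for prefix, gw, iface in shadowed_by_local_route("10.20.0.0/24", ROUTES):
        print(f"shadowing route: {prefix} via {gw or 'on-link'} dev {iface}")
```

If the check reports a hit, `tracert`/`traceroute` to a remote host from that PC will not even show the FortiGate as the first hop; renumber the virtual adapter's subnet or remove the route.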