comas17
New Member
October 20, 2016
Question

Traffic of a specific VLAN not routed over VPN

  • October 20, 2016
  • 1 reply
  • 8972 views

Hi all

(sorry for the long post but I tried to explain a very strange problem...)

After a power outage in our remote office I'm having some strange problems with the VPN connection between our Headquarter (HQ) and our remote office (RO).

Our HQ has a Fortigate 60D (firmware 5.2.1 build 618). Our RO has a Fortigate 60C (firmware 5.2.1 build 618).

There is a static VPN (called AW_VPN) between HQ and RO used for PC network traffic and also for telephones. In "network - interfaces - internal" I have configured a VLAN to be used for telephones.

  • HQ PC network is 192.168.20.x
  • HQ phones network is 192.168.1.x
  • RO PC network is 192.168.120.x
  • RO phones network is 192.168.101.x

In both firewalls the static routes are configured to forward the traffic for both networks (PC and phones) to the VPN (AW_VPN). PC traffic works correctly; no problem to access from HQ to RO and vice versa.

Now the problem: Phones DO NOT work correctly; in our HQ there is the switchboard and remote phones cannot connect to it. I tried to connect my PC to the phones network and these are the tests.

In our Headquarter:
  • Ping from HQ PC (192.168.1.234) to HQ firewall (192.168.1.252): OK
  • Ping from HQ PC (192.168.1.234) to HQ switchboard (192.168.1.2): OK
  • Ping from HQ PC (192.168.1.234) to RO firewall (192.168.101.252): OK
  • Ping from HQ PC (192.168.1.234) to RO telephone (192.168.101.172): OK
  • Ping from HQ PC (192.168.1.234) to RO PC (192.168.101.100): NOT OK

In our remote office:
  • Ping from RO PC (192.168.101.100) to RO telephone (192.168.101.172): OK
  • Ping from RO PC (192.168.101.100) to RO firewall (192.168.101.252): OK
  • Ping from RO PC (192.168.101.100) to HQ firewall (192.168.1.252): NOT OK

It seems to me that there is "something" blocking the telephone traffic from remote office to headquarter. As I said the 2 static routes are correctly configured; take into consideration that everything was working correctly and the problems appeared after a power outage. Some configurations are lost? Which? Maybe the firewall LAN port is damaged? But also PC network traffic uses the same port and it works... Any idea? Thank you

    1 reply

    RD5
    New Member
    October 20, 2016

    I have had a similar issue once where I had to bring the tunnel down and then back up, then it would work as designed.  Have you tried that?

    Did you check to make sure the policies are there and enabled?

    Does the route show up in the routing monitor?


    comas17 (Author)
    New Member
    October 21, 2016

    Yes, I have tried to bring the tunnel down and then back up

    I tried to reboot both firewalls

    Policies are in place and enabled and they show up in the routing monitor (see attached image)

    I'm running out of ideas..

    Maybe I could try to delete these routes and recreate them ?


    RD5
    New Member
    October 21, 2016

    What do the policies look like?  

    What do your VPN phase 2 settings look like?  Are all the networks defined?

    Did anything else change other than the power outage?
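As an added illustration of what RD5 asks about (phase 2 selectors, policies and the route for the phone subnet), not configuration taken from either poster: a route-based FortiOS CLI fragment for the HQ side, plus the commands that show whether the selector, route and traffic are actually there. The tunnel name AW_VPN and the subnets come from the thread; the VLAN interface name phones_vlan, the address objects HQ_PHONES/RO_PHONES and the phase 2 name are assumed, and the RO side mirrors it with source and destination swapped.

```fortios
# HQ FortiGate 60D. Assumed names: VLAN interface "phones_vlan",
# address objects HQ_PHONES / RO_PHONES, phase2 "AW_VPN_phones".
config firewall address
    edit "HQ_PHONES"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "RO_PHONES"
        set subnet 192.168.101.0 255.255.255.0
    next
end
# A phase 2 selector that covers the phone subnets; without one that
# matches both ends, phone traffic is silently dropped at the tunnel.
config vpn ipsec phase2-interface
    edit "AW_VPN_phones"
        set phase1name "AW_VPN"
        set src-subnet 192.168.1.0 255.255.255.0
        set dst-subnet 192.168.101.0 255.255.255.0
    next
end
# Static route sending the RO phone subnet into the tunnel interface.
config router static
    edit 0
        set dst 192.168.101.0 255.255.255.0
        set device "AW_VPN"
    next
end
# Policies in both directions between the phone VLAN and the tunnel.
config firewall policy
    edit 0
        set srcintf "phones_vlan"
        set dstintf "AW_VPN"
        set srcaddr "HQ_PHONES"
        set dstaddr "RO_PHONES"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set srcintf "AW_VPN"
        set dstintf "phones_vlan"
        set srcaddr "RO_PHONES"
        set dstaddr "HQ_PHONES"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Checks: is the phone selector up, does the route exist, and does
# phone-subnet ICMP reach the tunnel while repeating the ping tests?
diagnose vpn tunnel list
get router info routing-table all
diagnose sniffer packet AW_VPN 'icmp and net 192.168.101.0/24' 4
```

If the sniffer shows the echo request leaving HQ on AW_VPN but no reply, the same capture on the RO side tells whether the packet was dropped by the selector before the tunnel or by policy after it.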