sims
Explorer II
January 21, 2016
Question

Tunnel is up, Byte Received 0

  • January 21, 2016
  • 1 reply
  • 26930 views

Hi,

 

IPsec tunnel is up, but shows byte received 0.

Please help (conf file attached).

Thanks 

    1 reply

    emnoc
    New Member
    January 21, 2016

    The diag debug flow is your friend. I would also check the client to ensure they have the dynamic range that id and the route table on the dialup user.

     

     

    sims
    Author
    Explorer II
    January 23, 2016

    Hi

    Thank you for your support. Actually I got the log during debug. (I have replaced the original IP addresses.)

    m wan1."
    id=13 trace_id=1991 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=1991 msg="NAT-T keep-alive"
    id=13 trace_id=1992 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1."
    id=13 trace_id=1992 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=1993 msg="vd-root received a packet(proto=17, wanip:4500->remote-ip:14688) from local."
    id=13 trace_id=1993 msg="Find an existing session, id-057b5cfa, reply direction"
    id=13 trace_id=1994 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1."
    id=13 trace_id=1994 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=1994 msg="NAT-T keep-alive"
    id=13 trace_id=1995 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1."
    id=13 trace_id=1995 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=1995 msg="NAT-T keep-alive"
    id=13 trace_id=1996 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1."
    id=13 trace_id=1996 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=1996 msg="NAT-T keep-alive"
    id=13 trace_id=1997 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1."
    id=13 trace_id=1997 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=1997 msg="NAT-T keep-alive"
    id=13 trace_id=1998 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1."
    id=13 trace_id=1998 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=1998 msg="NAT-T keep-alive"
    id=13 trace_id=1999 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1."
    id=13 trace_id=1999 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=2000 msg="vd-root received a packet(proto=17, wanip:4500->remote-ip:14688) from local."
    id=13 trace_id=2000 msg="Find an existing session, id-057b5cfa, reply direction"
    id=13 trace_id=2001 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1."
    id=13 trace_id=2001 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=2001 msg="NAT-T keep-alive"
    id=13 trace_id=2002 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1."
    id=13 trace_id=2002 msg="Find an existing session, id-057b5cfa, original direction"
    id=13 trace_id=2002 msg="NAT-T keep-alive"

     

    When I run "route print" on the Windows machine I could not see the route to the permitted network.

     

    Now another problem started: client not sending or receiving any bytes.

     

    Here is the debug output for sent and receive byte 0:

     

    id=13 trace_id=3025 msg="allocate a new session-057c9d9a"
    id=13 trace_id=3026 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1."
    id=13 trace_id=3026 msg="Find an existing session, id-057c9d9a, original direction"
    id=13 trace_id=3027 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1."
    id=13 trace_id=3027 msg="Find an existing session, id-057c9d9a, original direction"
    id=13 trace_id=3028 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1."
    id=13 trace_id=3028 msg="Find an existing session, id-057c9d9a, original direction"
    id=13 trace_id=3029 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1."
    id=13 trace_id=3029 msg="Find an existing session, id-057c9d9a, original direction"
    id=13 trace_id=3030 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1."
    id=13 trace_id=3030 msg="Find an existing session, id-057c9d9a, original direction"
    id=13 trace_id=3031 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1."
    id=13 trace_id=3031 msg="Find an existing session, id-057c9d9a, original direction"
    id=13 trace_id=3032 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1."
    id=13 trace_id=3032 msg="Find an existing session, id-057c9d9a, original direction"

     

    I am very new to Fortinet.

     

    Please help 
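
Added example, not part of any post in this thread: a small Python summarizer for debug flow output in the shape quoted above, grouping entries by trace_id and counting how many traced packets are NAT-T keep-alives, IKE on UDP 500, or other UDP 4500 traffic (IKE or ESP-in-UDP). The sample input is constructed, the trace ids are made up, and the category names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the debug flow output quoted in the thread
# (remote-ip / wanip placeholders as in the post; trace ids are made up).
SAMPLE = (
    'id=13 trace_id=1 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." '
    'id=13 trace_id=1 msg="Find an existing session, id-057b5cfa, original direction" '
    'id=13 trace_id=1 msg="NAT-T keep-alive" '
    'id=13 trace_id=2 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." '
    'id=13 trace_id=2 msg="Find an existing session, id-057b5cfa, original direction" '
    'id=13 trace_id=3 msg="vd-root received a packet(proto=17, wanip:4500->remote-ip:14688) from local." '
    'id=13 trace_id=3 msg="Find an existing session, id-057b5cfa, reply direction" '
    'id=13 trace_id=4 msg="allocate a new session-057c9d9a" '
    'id=13 trace_id=5 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1." '
    'id=13 trace_id=5 msg="Find an existing session, id-057c9d9a, original direction"'
)

# Entries may be one per line or run together on one line, as pasted in the post.
ENTRY = re.compile(r'id=\d+ trace_id=(\d+) msg="([^"]*)"')
PACKET = re.compile(
    r'received a packet\(proto=(\d+), ([^\s:]+):(\d+)->([^\s:]+):(\d+)\) from (\w+)')

def classify(msgs):
    """Return (kind, source) for the messages that share one trace_id."""
    pkt = next(filter(None, map(PACKET.search, msgs)), None)
    if pkt is None:
        return ("no_packet_header", "-")      # header line cut off or missing
    proto, _, sport, _, dport, source = pkt.groups()
    ports = {int(sport), int(dport)}
    if proto == "17" and 4500 in ports:
        keepalive = any("NAT-T keep-alive" in m for m in msgs)
        kind = "natt_keepalive" if keepalive else "udp4500_ike_or_esp"
    elif proto == "17" and 500 in ports:
        kind = "ike_udp500"
    else:
        kind = "other"
    return (kind, source)

def summarize(text):
    """Count traced packets per (kind, source interface)."""
    traces = defaultdict(list)
    for trace_id, msg in ENTRY.findall(text):
        traces[trace_id].append(msg)
    return Counter(classify(msgs) for msgs in traces.values())

if __name__ == "__main__":
    for (kind, source), n in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}  {kind:<20} from {source}")
```

A capture in which every traced packet falls under natt_keepalive or ike_udp500 contains only tunnel maintenance and negotiation traffic, not user data.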

     

     

     

    ede_pfau
    SuperUser
    January 23, 2016

    You supply nearly no information that could help:

    - which firmware version on the FGT?

    - which VPN software, which version?

    - how is the VPN client configuration?

     

    I deduced you're using a software client from the type of tunnel.

     

    A wild guess: you've configured "Mode config" on the FGT - do you know what that is, and is the client prepared for this?

    Second hint: if you plan to serve more than 1 VPN client concurrently you'll have to help the FGT to differentiate between multiple clients, keyword: peer ID.

     

    Please have a (another) look at the VPN chapter of the Handbook to learn about the different tunnel options.