techinfofao
New Member
December 5, 2016
Question

VPN ipsec OK but ping not

  • December 5, 2016
  • 2 replies
  • 6899 views

Fortigate 60C

v5.2.7,build718 (GA)

 

Hi there.

I created an IPsec VPN between my FG60C and a Netgear FVS336G.

The VPN is up and hosts in my subnet can be pinged from the remote subnet (behind the Netgear FVS336G).

I can ping hosts of the remote subnet with the FortiGate's CLI, but I can't with the cmd.exe of my PC (behind the FG60C).

All firewalls off.

Did I miss something?

Any help would be great, THX.

    2 replies

    techinfofao
    New Member
    December 5, 2016

    No replies?

    Just tell me if my problem is not clear enough.

    Toshi_Esumi
    SuperUser
    December 5, 2016

    I'm assuming you have a proper policy on the FG60C from local subnet to the remote one into the tunnel interface or zone. Then you need to sniff if it's actually going into the tunnel. If not, the next step would be flow debug to see why the FG is dropping the packets.

    But you generally wouldn't be able to ping the remote host from the FG unless you specify the source IP on the LAN side. Are you sure the policy doesn't have NAT on? What do you see as the source IP in sniffing when you ping from the FG?

    techinfofao
    New Member
    December 6, 2016

    Policy from local to remote subnet is OK.

    No NAT on both policies.

    What do you mean by "sniffing if it's actually going into the tunnel"?

    Is there a specific command?

    Thx.
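The sniffing and flow-debug steps suggested in the reply above, written out as a FortiOS CLI session. This is an added example, not part of the original thread; the addresses 192.168.1.10 (the PC behind the FG60C), 192.168.1.99 (the FortiGate LAN interface) and 192.168.2.10 (a host behind the Netgear) are constructed placeholders.

```text
# Constructed addresses: replace with your own.
#   192.168.1.10  PC behind the FG60C
#   192.168.1.99  FortiGate LAN interface
#   192.168.2.10  host behind the Netgear FVS336G

# 1. Sniff ICMP to the remote host on all interfaces while pinging from the PC.
#    Verbosity 4 prints the interface name for each packet, so you can see
#    whether the echo request arrives on the LAN port and leaves via the
#    IPsec tunnel interface. The source IP shown also reveals whether NAT
#    is being applied. The trailing 20 stops the capture after 20 packets.
diagnose sniffer packet any 'host 192.168.2.10 and icmp' 4 20

# 2. If the request arrives on the LAN port but never leaves via the tunnel,
#    trace how the FortiGate handles it (policy match, route lookup, drop reason).
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 192.168.2.10
diagnose debug flow filter proto 1
diagnose debug flow show console enable
diagnose debug flow trace start 20
diagnose debug enable

#    ... ping 192.168.2.10 from the PC now, read the trace, then stop:
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset

# 3. Ping from the FortiGate itself with the LAN address as source, so the
#    packet matches the phase 2 selectors the same way the PC's traffic does.
execute ping-options source 192.168.1.99
execute ping 192.168.2.10
```

In the sniffer output, compare the interface and source address of the request seen when pinging from the PC with those seen when pinging from the FortiGate CLI; a difference there points at routing, policy or NAT on the FG60C rather than at the tunnel itself.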

    Toshi_Esumi
    SuperUser
    December 6, 2016