DavidC
New Member
March 5, 2019
Question

VPN Ipsec tunnel site-to-site is up but can't ping HQ to branch hosts

Hello,

I would like to have some help. I have set up an IPsec site-to-site VPN tunnel between 2 FortiGates. It's working well; HQ and Branch are connected.

Tunnel is up 24/7. I can ping Branch's LAN to HQ's LAN without problems (PCs, FG, routers, wireless points, etc.) and HQ's LAN to Branch's LAN (FG, routers, wireless points, printers, etc. OK, but no PCs).

RDP only works from one side, from the branch's site.

HQ's LAN 10.0.78.0/24, Branch's LAN 10.0.150.0/24

I did a full check-up about firewall, policies, local and remote address and static routes.
Thanks.

    1 reply

    viplo
    New Member
    March 6, 2019

    Hi there,
    On which version are you?

    Did you add an IP to both VPN interfaces?
    Cheers

    DavidC (Author)
    New Member
    March 7, 2019

    Hello,
    Yes, I added an IP to both VPN interfaces as the remote gateway (the public IP address of the HQ FortiGate and the Branch FortiGate).

    I used this guide: https://cookbook.fortinet.com/site-to-site-ipsec-vpn-with-two-fortigates-60/
    HQ's firmware : v5.6.6 build 1630

    Branch's firmware : v5.6.3 build 1547

    ede_pfau
    SuperUser
    March 7, 2019

    @viplo: the tunnel interfaces do not need any IP addresses ('unnumbered' will do).
    Are you SURE the PCs will allow ping requests? Think of Windows Firewall or any other protection software.

    If traffic (like RDP) is only allowed from one side, do you have a policy in place for that direction?
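One way to check, from a branch Windows PC, whether Windows Firewall is what drops the HQ-side pings and RDP described in this thread (added diagnostic example, not code from the thread or from Fortinet; the HQ subnet 10.0.78.0/24 comes from the post, the host 10.0.78.10 is a constructed placeholder):

```powershell
# Added example: run in an elevated PowerShell on a branch PC (10.0.150.0/24).
# Assumes the HQ LAN is 10.0.78.0/24 as stated in the thread; $HqHost is a
# constructed placeholder, replace it with a real HQ address.
$HqSubnet = '10.0.78.0/24'
$HqHost   = '10.0.78.10'

# 1. Which enabled inbound rules allow ICMPv4 echo requests (type 8), and from where?
#    A rule scoped to the local subnet or to Domain/Private profile will not match HQ.
$icmpRules = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'ICMPv4' -and ($pf.IcmpType -eq 'Any' -or $pf.IcmpType -match '^8(:|$)')
    }
foreach ($rule in $icmpRules) {
    $af = $rule | Get-NetFirewallAddressFilter
    '{0,-45} profile={1,-12} remote={2}' -f $rule.DisplayName, $rule.Profile, ($af.RemoteAddress -join ',')
}
if (-not $icmpRules) {
    Write-Warning 'No enabled inbound rule allows ICMPv4 echo; pings from HQ will be dropped here.'
}

# 2. Same question for Remote Desktop (TCP 3389), which fails from HQ in the thread.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Select-Object DisplayName, Enabled, Profile, Action,
        @{ n = 'RemoteAddress'; e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',' } }

# 3. Active profile: if the NIC is classified Public, Domain/Private-only rules never apply.
Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory

# 4. Reverse check towards HQ (the direction that already works in the thread), to
#    confirm the tunnel itself carries TCP 3389 before blaming the branch PC.
Test-NetConnection -ComputerName $HqHost -Port 3389 | Select-Object ComputerName, TcpTestSucceeded

# 5. Remediation if nothing matches: allow echo and RDP from the HQ subnet only,
#    not from 'Any', so the opening stays limited to the tunnel peer. Uncomment to apply.
# New-NetFirewallRule -DisplayName 'Allow ICMPv4 echo from HQ' -Direction Inbound -Action Allow `
#     -Protocol ICMPv4 -IcmpType 8 -RemoteAddress $HqSubnet -Profile Any
# New-NetFirewallRule -DisplayName 'Allow RDP from HQ' -Direction Inbound -Action Allow `
#     -Protocol TCP -LocalPort 3389 -RemoteAddress $HqSubnet -Profile Any
```

If step 1 and step 2 show rules that exist but carry a remote scope of "LocalSubnet" or a profile the NIC is not in, that explains why FortiGates, printers and routers at the branch answer while the PCs do not.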