OsCarry77
New Member
June 15, 2018
Question

VPN up, but no traffic passing ....


Hi Everyone,

 

Recently, I have mounted an IPSec VPN with 2 FortiGATE 100D. I see the VPN connected, and I can enter from one side and another to the FortiGATE without problem... but when pinging some IP in the 2 networks... I don't have any... even the same FortiGATE ping doesn't respond to me... I already break the logs and in all of them I see the negotiations of the 2 phases as successful... I already deleted the configurations and I have returned them to lift and I can't make this work... The detail is that on these same 100D I have other VPNs configured to other FortiGATEs and everything is in order; only with these 2 I can't get through to the networks. Can anyone help me with this, please?

 

Thanks.

 

 

Oscar

    2 replies

    Nicholas_Doropoulos
    New Member
    June 16, 2018

    Hi,

     

    Could you please elaborate on this statement of yours:

     

    "I can enter from one side and another to the FortiGATE without problem"

     

    Do you mean you can already access network resources from one subnet to the other and vice versa but cannot ping? If so, I would just ensure that ping is one of the services enabled on the firewall policies configured on both Fortigates. 

     

    Thanks.

     

     

    m0j0
    New Member
    June 18, 2018

    Hi Oscar,

     

    I'd need a bit more information to give an accurate answer, but I'll do my best to give you things to look for.  I'm going to assume you've set this up as an interface mode tunnel as that's the option that requires a few extra steps that can result in a tunnel up but no traffic passing if these settings are missed.

     

    Firstly, ensure you have routes configured on each firewall for the remote tunneled subnet via the tunnel interface.  If this is not set, the firewall won't attempt to send traffic down the tunnel.  Also, you need to ensure you have firewall policies to allow traffic over the tunnel.  As with the route, the "outside" interface for the policies will be the tunnel interface.

     

    Of course, I could be completely misunderstanding the issue.  If so, my apologies.

     

    Regards,

    Mark

    Fullmoon
    New Member
    June 18, 2018

    Please verify the following:

    Firewall policies

    Routing

    Correct subnet on the Quick Mode Selector of each FortiGate?