I have configured IPSec VPN between Fortigate 70D (FortiOS 5.4) & Juniper SSG5.
The VPN itself is up and I can access remote site from SSG5 side without any problem.
However, from the Fortigate side LAN, I cannot access the other end (SSG side LAN).
I checked the traffic coming into our SSG5, but for some reason, the traffic coming
from the Fortigate side is NATted to the WAN1 interface address. So, of course, the traffic
drops at the SSG side.
I am trying to fix this issue, though I am quite new to Fortigate. If you have any thoughts,
that would be very helpful!
Thank you very much in advance!
Tak
I would assume that you are using the default route-based VPN. Since the VPN connection is up, I will ignore this point. Just check the points below and see if that helps.
Can you check the following:
1) Confirm that you have set the correct routes to pass through the IPsec tunnel.
2) Set the correct firewall policies and do not enable NAT on them.
regards
Ivan
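The two checks in the reply above, written out as FortiOS CLI. This is an added example, not part of either poster's configuration; the interface names `internal` and `to-ssg5`, the policy names and both subnets are assumptions made up for illustration.

```fortios
# Constructed example. Lines starting with # are annotations, not commands.
# Assumed: LAN interface "internal", tunnel interface "to-ssg5",
# remote (SSG5 side) LAN 192.168.20.0/24.

# 1) Route the remote LAN into the IPsec tunnel interface.
config router static
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set device "to-ssg5"
    next
end

# 2) One policy per direction, both with NAT off, so the SSG5 sees the
#    real LAN source address instead of the WAN1 address.
config firewall policy
    edit 0
        set name "lan-to-ssg5"
        set srcintf "internal"
        set dstintf "to-ssg5"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 0
        set name "ssg5-to-lan"
        set srcintf "to-ssg5"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end

# 3) Verify what the device actually stored, then watch the tunnel.
#    "show" lists only non-default settings, so a policy that still has
#    NAT on will print "set nat enable".
show firewall policy
# Packets leaving the tunnel should carry a LAN source IP, not WAN1.
diagnose sniffer packet to-ssg5 'host 192.168.20.10' 4 10
```

Reading the stored policy from the CLI is a quick way to confirm that a NAT change made in the GUI was actually saved.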
Hi Ivan,
Thank you very much for your kind reply.
I actually tried that before, though; it did not work.
However, I deleted the policy and recreated it, and now it is working.
I created the policy (NAT was enabled) and disabled NAT after all,
it didn't work. So, I deleted it and recreated it. For some reason,
FG70D did not disable it...
Anyway, now it is working!
Thanks,
Tak