For versions 5.6 to 6.4.
The following is the IP address information for both FortiGates.
||FortiGate - I
||FortiGate - II
To verify if the LAN subnets are able to reach each other over the VPN tunnel, initiate an ICMP echo from either side.
If the tunnel does not show as UP, raise a support ticket. It is helpful to collect the following debug output:
# diag vpn tunnel list
# diag vpn ike filter clear
# diag vpn ike log-filter dst-addr4 x.x.x.x <----- Where x.x.x.x is the WAN IP of the remote site.
# diag debug application ike -1
# diag debug console timestamp enable
# diag debug enable
Once the commands are executed, try to bring the tunnel UP from the GUI (VPN -> IPsec Monitor -> Bring UP) or with the command:
# diagnose vpn tunnel up "vpn_tunnel_name" <----- Where 'vpn_tunnel_name' is the phase1 name of the respective VPN tunnel.
Once the debugs are collected, stop the debug with the commands:
# diag debug disable
# diag debug reset
Attach the complete output to the ticket along with the config files of both FortiGates.