0.0.0.0/0(everything) Gateway ISP Router
10.10.10.0/24 Gateway MPLS. Means, 10.10.10.0/24 is on MPLS
20.20.20.0/24 Gateway VPN1. Means, 20.20.20.0/24 is on VPN1
30.30.30.0/24 Gateway VPN2. Means 30.30.30.0/24 is on VPN2
# get router info routing-table all | grep 10.10.10.0/24Or
# get router info routing-table allMake sure there is a routing for 10.10.10.0/24 segment.
# diag sniffer packet any ‘host 10.10.10.16 and icmp’ 4 0From source 172.168.0.100, ping to 10.10.10.16.
interfaces=[any]Check the gateway / interface use to reach the 10.10.10.16.
filters=[host 172.168.0.100 and host 10.10.10.16 and icmp]
11.097441 lan in 172.168.0.100 -> 10.10.10.16: icmp: echo request
11.097557 MPLS out 192.168.244.136 -> 10.10.10.16: icmp: echo request
11.129438 MPLS in 10.10.10.16 -> 192.168.244.136: icmp: echo reply
11.129477 lan out 10.10.10.16 -> 172.168.0.100: icmp: echo reply
12.102049 lan in 172.168.0.100 -> 10.10.10.16: icmp: echo request
12.102085 MPLS out 192.168.244.136 -> 10.10.10.16: icmp: echo request
12.133505 MPLS in 10.10.10.16 -> 192.168.244.136: icmp: echo reply
12.133531 lan out 10.10.10.16 -> 172.168.0.100: icmp: echo reply
13.109669 lan in 172.168.0.100 -> 10.10.10.16: icmp: echo request
13.109708 MPLS out 192.168.244.136 -> 10.10.10.16: icmp: echo request
13.147746 MPLS in 10.10.10.16 -> 192.168.244.136: icmp: echo reply
13.147773 lan out 10.10.10.16 -> 172.168.0.100: icmp: echo reply
14.114213 lan in 172.168.0.100 -> 10.10.10.16: icmp: echo request
14.114249 MPLS out 192.168.244.136 -> 10.10.10.16: icmp: echo request
14.138062 MPLS in 10.10.10.16 -> 192.168.244.136: icmp: echo reply
14.138096 lan out 10.10.10.16 -> 172.168.0.100: icmp: echo reply
11.xxxxxx – for 1 complete pingSo in this scenario, the traffic flow is correct.
12.xxxxxx – for 1 complete ping
13.xxxxxx – for 1 complete ping
14.xxxxxx – for 1 complete ping
Traffic from LAN(in) to MPLS(out)
Respond from MPLS(in) to LAN(out)
# Exe ping-options source <interfaceIP>3) Make sure the other unit also route to the FortiGate.
Related Articles