0.0.0.0/0(everything) Gateway ISP Router
10.10.10.0/24 Gateway MPLS. Means, 10.10.10.0/24 is on MPLS
20.20.20.0/24 Gateway VPN1. Means, 20.20.20.0/24 is on VPN1
30.30.30.0/24 Gateway VPN2. Means 30.30.30.0/24 is on VPN2
# get router info routing-table all | grep 10.10.10.0/24Or
# get router info routing-table allMake sure there is a routing for 10.10.10.0/24 segment.
# diag sniffer packet any ‘host 10.10.10.16 and icmp’ 4 0From source 172.168.0.100, ping to 10.10.10.16.
interfaces=[any]Check the gateway / interface use to reach the 10.10.10.16.
filters=[host 172.168.0.100 and host 10.10.10.16 and icmp]
11.097441 lan in 172.168.0.100 -> 10.10.10.16: icmp: echo request
11.097557 MPLS out 192.168.244.136 -> 10.10.10.16: icmp: echo request
11.129438 MPLS in 10.10.10.16 -> 192.168.244.136: icmp: echo reply
11.129477 lan out 10.10.10.16 -> 172.168.0.100: icmp: echo reply
12.102049 lan in 172.168.0.100 -> 10.10.10.16: icmp: echo request
12.102085 MPLS out 192.168.244.136 -> 10.10.10.16: icmp: echo request
12.133505 MPLS in 10.10.10.16 -> 192.168.244.136: icmp: echo reply
12.133531 lan out 10.10.10.16 -> 172.168.0.100: icmp: echo reply
13.109669 lan in 172.168.0.100 -> 10.10.10.16: icmp: echo request
13.109708 MPLS out 192.168.244.136 -> 10.10.10.16: icmp: echo request
13.147746 MPLS in 10.10.10.16 -> 192.168.244.136: icmp: echo reply
13.147773 lan out 10.10.10.16 -> 172.168.0.100: icmp: echo reply
14.114213 lan in 172.168.0.100 -> 10.10.10.16: icmp: echo request
14.114249 MPLS out 192.168.244.136 -> 10.10.10.16: icmp: echo request
14.138062 MPLS in 10.10.10.16 -> 192.168.244.136: icmp: echo reply
14.138096 lan out 10.10.10.16 -> 172.168.0.100: icmp: echo reply
11.xxxxxx – for 1 complete pingSo in this scenario, the traffic flow is correct.
12.xxxxxx – for 1 complete ping
13.xxxxxx – for 1 complete ping
14.xxxxxx – for 1 complete ping
Traffic from LAN(in) to MPLS(out)
Respond from MPLS(in) to LAN(out)
# Exe ping-options source <interfaceIP>3) Make sure the other unit also route to the FortiGate.
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.