Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ForgetItNet
Contributor

Ping reply but no sent Ping and also destination unreachable

Hi all,

Got 2 Fortigate 100E's at 2 branches; these run BGP and connect in a hub and spoke setup to our head office with a site to site VPN. We have 2 sub-interfaces on each of the branch Fortigates (v7) for our VOIP phones. The setup is this: siteA has a main LAN of 192.168.1.20 and a sub-interface for VOIP of 192.168.2.20, and there is a phone server on there on IP 192.168.2.215. siteB has a main LAN of 192.168.70.20 and a sub-interface for VOIP of 192.168.159.20 and has a phone server on there on 192.168.159.6.

I can ping successfully from the Fortigates from 192.168.2.20 to 192.168.159.6 and also from 192.168.2.215 to 192.168.159.20 and from 192.168.159.20 to 192.168.2.20 and 192.168.2.215, so the sub-interfaces can see the devices on the sub-interfaces both ways. However, if I do a source ping from the phone servers on 192.168.2.215 and 192.168.159.6 to each other then I get no response.

I've run a packet sniffer on both sides and weirdly enough, on the one when pinging from siteA and pinging from 192.168.2.215 to 192.168.159.6, I get an Echo Ping Reply from 192.168.159.6 (source) to 192.168.2.215 (dest) but then a destination unreachable from 192.168.2.215 (source) to 192.168.159.6 (dest). If I then run it from siteB I ONLY get an Echo Ping Reply from 192.168.2.215 (source) to 192.168.159.6 (dest) but no Echo request?

I've tried putting in a firewall rule on both sides to allow ICMP through from VOIP to the VPN HUB but it doesn't make any difference.

Anyone see what I'm doing wrong here or missing?

Thanks (and I'm hoping I've written that down correctly :) )

11 REPLIES
ForgetItNet
Contributor

I added a firewall rule to test for the siteA SIP as the source to siteB SIP as the dest and allowed ICMP, and was getting a ping reply from siteB to siteA, but the request again is showing as Destination Unreachable (Protocol Unreachable)... just tried it again and there's nothing on either side... not sure if there's just a network issue that keeps going up and down.

zoriax
Contributor

Hello,

I have the same problem on some sites. Do you have a solution, or have you found something?
