fortimaster
Contributor

Problem with IPSEC Forticlient tunnel and ToIP

Good morning.

I have created an IPsec dial-up tunnel to connect to it using FortiClient. Some users use that tunnel for ToIP.

I have problems with SIP UDP traffic 5060. In some cases, the server (172.25.3.7) tries to send SIP traffic to the remote users (192.168.106.0/29) and I have a drop message and the ToIP agents cannot register to the ToIP platform. The problem occurs when I have more than one ToIP user trying to work; with only one user it does not happen.

In the debug I have observed a drop message and I think maybe that's the problem: "No matching IP Selector drop" (172.x.x.x server sends SIP traffic to 192.x.x.x user connected to the dial-up tunnel).

func=__ip_session_run_tuple line=3449 msg="run helper-sip(dir=original)"
id=20085 trace_id=476 func=print_pkt_detail line=5622 msg="vd-root:0 received a packet(proto=17, 172.25.3.7:5060->192.168.106.3:5060) from port9. "
id=20085 trace_id=476 func=resolve_ip_tuple_fast line=5702 msg="Find an existing session, id-134b0eb2, reply direction"
id=20085 trace_id=476 func=npu_handle_session44 line=1159 msg="Trying to offloading session from port9 to IPSEC-ORG, skb.npu_flag=00000400 ses.state=01030004 ses.npu_state=0x03101008"
id=20085 trace_id=476 func=fw_forward_dirty_handler line=399 msg="state=01030004, state2=00000000, npu_state=03101008"
id=20085 trace_id=476 func=__ip_session_run_tuple line=3449 msg="run helper-sip(dir=reply)"
id=20085 trace_id=476 func=ipsecdev_hard_start_xmit line=788 msg="enter IPsec interface-IPSEC-ORG"
id=20085 trace_id=476 func=ipsec_common_output4 line=869 msg="No matching IPsec selector, drop"

On the other hand, I have tried to change the phase 2 route selectors of my tunnel (by default 0.0.0.0 0.0.0.0) and I have configured that, but it still doesn't work.

IPSEC-TUNNEL 0.0.0.0/0.0.0.0 (source) 192.168.106.0/255.255.255.224 (destination).

All the other traffic works well.

Could you help me please? 
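
One way to pull the selector drops out of a debug trace like the one quoted above and compare each dropped destination with the phase 2 destination selector listed in the post. This is an added example, not part of the original post and not Fortinet tooling; the function and variable names are hypothetical, and the sample lines are three lines copied from the post's trace.

```python
import ipaddress
import re

# Three lines copied from the trace quoted in the post.
SAMPLE_TRACE = '''\
id=20085 trace_id=476 func=print_pkt_detail line=5622 msg="vd-root:0 received a packet(proto=17, 172.25.3.7:5060->192.168.106.3:5060) from port9. "
id=20085 trace_id=476 func=ipsecdev_hard_start_xmit line=788 msg="enter IPsec interface-IPSEC-ORG"
id=20085 trace_id=476 func=ipsec_common_output4 line=869 msg="No matching IPsec selector, drop"
'''

PKT_RE = re.compile(r'trace_id=(\d+) .*received a packet\(proto=(\d+), '
                    r'([\d.]+):(\d+)->([\d.]+):(\d+)\) from (\S+?)\.')
IFACE_RE = re.compile(r'trace_id=(\d+) .*msg="enter IPsec interface-([^"]+)"')
DROP_RE = re.compile(r'trace_id=(\d+) .*msg="No matching IPsec selector, drop"')


def selector_drops(trace, dst_selector):
    """Return one dict per trace_id whose packet ended in a selector drop."""
    net = ipaddress.ip_network(dst_selector)  # accepts addr/netmask notation
    flows, drops = {}, []
    for line in trace.splitlines():
        if m := PKT_RE.search(line):
            tid, proto, src, sport, dst, dport, port = m.groups()
            flows[tid] = {"trace_id": int(tid), "proto": int(proto),
                          "src": f"{src}:{sport}", "dst": f"{dst}:{dport}",
                          "in_port": port, "tunnel": None,
                          "dst_in_selector": ipaddress.ip_address(dst) in net}
        elif m := IFACE_RE.search(line):
            # Remember which IPsec interface the packet was handed to.
            if m.group(1) in flows:
                flows[m.group(1)]["tunnel"] = m.group(2)
        elif m := DROP_RE.search(line):
            # Correlate the drop with the packet seen under the same trace_id.
            if m.group(1) in flows:
                drops.append(flows.pop(m.group(1)))
    return drops


if __name__ == "__main__":
    # Destination selector as written in the post.
    for d in selector_drops(SAMPLE_TRACE, "192.168.106.0/255.255.255.224"):
        print(d)
```

For the packet in the post, the destination 192.168.106.3 falls inside 192.168.106.0/255.255.255.224, so the dropped flow is reported with `dst_in_selector` set to `True`.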

Anthony_E
Community Manager

Good morning Fortimaster,

Did you try to have a look in our Knowledge Base? You may find an article which could provide a solution.

Just select Knowledge Base, the concerned product and you can easily make a search in our search bar.

Do not hesitate to come back to us if you do not find the solution.

Regards,

Anthony-Fortinet Community Team.
fortimaster

Thanks Anthony_E

Yes, I have tried to find it but I did not find it.

Anthony_E
Community Manager

Hello,

No problem at all.

We will find somebody to find a solution for your question.

Regards,

Anthony-Fortinet Community Team.