FredMB
New Contributor

Some traffic goes through VPN, some others don't

Hi,

I have a VPN between 2 FortiGates and I notice a strange behaviour:

Some machines on one network can ping machines on the other side of the VPN while others can't.

Checking in FortiView / sessions, I discovered that some of them correctly execute the ping through the VPN while the others are trying to connect through WAN (and so it doesn't work).

I configured policies for traffic going from and to the other side of the VPN, and a route to the remote network using the corresponding VPN interface.

Attached is an example of what happens. My local network is 10.1.0.0/16 and the remote network is 192.168.0.0/16.

Do you have any idea how to solve this problem?

Thank you very much,

Regards,

Fred

1 Solution
emnoc
Esteemed Contributor III

What I would do:

Run diag debug flow to see what happens.

Inspect the routing table, static and PBR, to ensure the route is correct for the src/dst.

Review policyid 1+5 and possible ordering; look for any nat-enable on the policy that does NOT work.

ken

PCNSE NSE StrongSwan
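The checks suggested in the answer above can be run over captured debug flow output. This is an added example, not code from the thread or from Fortinet: it groups trace lines per packet and reports flows to the remote network that leave through anything other than the tunnel interface, or that match a policy with SNAT. The sample lines are constructed; the interface names (`lan`, `wan1`, `vpn-siteB`), the gateway address and which policy matches which host are assumptions.

```python
import ipaddress
import re

# Constructed sample modelled on "diagnose debug flow" output; interface names,
# line numbers and the policy each host hits are assumptions, not from the thread.
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=1, 10.1.0.20:1->192.168.1.10:2048) from lan. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-192.168.1.10 via vpn-siteB"
id=20085 trace_id=1 func=fw_forward_handler line=771 msg="Allowed by Policy-5:"
id=20085 trace_id=2 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=1, 10.1.0.77:1->192.168.1.10:2048) from lan. type=8, code=0, id=1, seq=1."
id=20085 trace_id=2 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-203.0.113.1 via wan1"
id=20085 trace_id=2 func=fw_forward_handler line=771 msg="Allowed by Policy-1: SNAT"
'''

PKT = re.compile(r"received a packet\(proto=\d+, ([\d.]+):\d+->([\d.]+):\d+\) from (\S+)\. ")
ROUTE = re.compile(r'find a route: .*? via ([^"\s]+)')
POLICY = re.compile(r"Allowed by Policy-(\d+):\s*(SNAT)?")

def analyse(text, remote_net, tunnel_if):
    """Group lines by trace_id; flag flows to remote_net that miss tunnel_if or get SNAT."""
    remote = ipaddress.ip_network(remote_net)
    flows = {}
    for line in text.splitlines():
        tid = re.search(r"trace_id=(\d+)", line)
        if not tid:
            continue
        f = flows.setdefault(int(tid.group(1)), {"egress": None, "policy": None, "snat": False})
        if m := PKT.search(line):
            f["src"], f["dst"], f["ingress"] = m.groups()
        elif m := ROUTE.search(line):
            f["egress"] = m.group(1)
        elif m := POLICY.search(line):
            f["policy"], f["snat"] = int(m.group(1)), m.group(2) is not None
    findings = []
    for tid, f in sorted(flows.items()):
        # Only flows whose destination is on the far side of the VPN matter here.
        if "dst" not in f or ipaddress.ip_address(f["dst"]) not in remote:
            continue
        if f["egress"] != tunnel_if or f["snat"]:
            findings.append((tid, f["src"], f["egress"], f["policy"], f["snat"]))
    return findings

if __name__ == "__main__":
    for tid, src, egress, policy, snat in analyse(SAMPLE, "192.168.0.0/16", "vpn-siteB"):
        print(f"trace {tid}: {src} leaves via {egress}, policy {policy}, SNAT={snat}")
```
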
10 REPLIES
dropgear
New Contributor

Did you create a static route for it? This VPN is under the interface VPN option, right?

rookie