wlknsl
New Contributor

Traffic issue between tunnel interfaces

Sorry to bother people, and it's my first time on the forum. I'm hoping people could cast a light on where the issue lies with our site-to-site VPN between the FortiGate in the office and the FortiGate VM in Azure.

When at our branch office, we can access our network on the Azure portal through the FortiGate on the 10.0.x.x range, but cannot talk to the other VPN tunnels. For example, one customer's VPN is on a 10.1.x.x range, another company is on 10.2.x.x and another is on 10.3.x.x. The only way we can get traffic talking properly from the branch office to the different tunnels is if we use the FortiClient VPN to connect into the FortiGate Azure; then traffic has no problem traversing the tunnels.

 

 

Our branch office site that connects to the FortiGate Azure (cloud-to-br**)

 

 

orani
Contributor II

You should check your routing. As you have two destinations at 10.1.x.x, you cannot route traffic correctly. If it is not possible to change the remote addressing, you can maybe use NAT to access the network you can't reach at this time.

Orestis Nikolaidis

Network Engineer/IT Administrator

wlknsl
New Contributor

Hi Oran, thank you for your reply. I left you a PM just to update you: I made a typo, I put 10.1.0.0 twice when it should have been different subnets. Thank you for the response and for taking time out for it.

wlknsl
New Contributor

Hi, just an update on the post: I fixed it myself. If others want to know, it turned out to be the phase2 local groups. I didn't realise I needed to put the customer IP range in with our IP range for the VPN tunnel in order to communicate, which makes sense as the customer VPN tunnel is local to Port1, which is the same port as our VPN tunnel (site to site).
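The fix described in the last reply, shown as an added example that is not part of the original thread or the poster's configuration: a check of which branch-to-customer flows the hub's phase 2 selectors for the branch tunnel actually cover. The /16 masks, the branch subnet 192.168.10.0/24, the host addresses and the function name `uncovered_flows` are all assumptions made for illustration.

```python
import ipaddress


def uncovered_flows(selectors, flows):
    """Return the flows that no phase 2 selector pair covers.

    selectors: list of (local_subnets, remote_subnets) as configured on the
               hub (Azure) side of the branch tunnel.
    flows:     list of (source_ip_at_branch, destination_ip_behind_hub).
    """
    parsed = [
        ([ipaddress.ip_network(n) for n in local],
         [ipaddress.ip_network(n) for n in remote])
        for local, remote in selectors
    ]
    missing = []
    for src, dst in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # A flow is carried only if one selector pair matches BOTH ends:
        # destination inside the local set, source inside the remote set.
        covered = any(
            any(d in n for n in local) and any(s in n for n in remote)
            for local, remote in parsed
        )
        if not covered:
            missing.append((src, dst))
    return missing


# Constructed sample values (not taken from the thread).
BRANCH = ["192.168.10.0/24"]

# Before the fix: only the Azure range is in the local selector.
BEFORE = [(["10.0.0.0/16"], BRANCH)]

# After the fix: customer ranges are grouped with the Azure range.
AFTER = [(["10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"], BRANCH)]

FLOWS = [
    ("192.168.10.20", "10.0.1.5"),   # branch -> Azure network
    ("192.168.10.20", "10.1.4.9"),   # branch -> customer tunnel
    ("192.168.10.20", "10.3.0.7"),   # branch -> another customer tunnel
]

if __name__ == "__main__":
    print("before:", uncovered_flows(BEFORE, FLOWS))
    print("after: ", uncovered_flows(AFTER, FLOWS))
```

Widening the local selector only lets the traffic into the tunnel; routes and firewall policies between the branch tunnel and each customer tunnel still decide what is allowed through.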
