I would like to have some help, i have set up a IPsec Tunnel VPN Site-to-Site between 2 Fortigate. It's working well HQ and Branch are connected.
Tunnel is up 24/7, i can ping Branch's Lan to HQ's Lan without problems(Pcs, FG, Routers, wireless point,etc.) and HQ's Lan to Branch's Lan(FG, Routers, wireless point, printers etc ok but no PC's)
RDP only works in one side, from the branch's site.
HQ's LAN 10.0.78.0/24
Brand's LAN 10.0.150.0/24
I did a full check-up about firewall, policies, local and remote address and static routes.
On which version are you?
Did you add an IP to both VPN interface?
Yes i added an IP to both VPN interface as remote gateway (the public ip address of the HQ FortiGate and Branch FortiGate).
I used this guide : https://cookbook.fortinet.com/site-to-site-ipsec-vpn-with-two-fortigates-60/
HQ's firmware : v5.6.6 build 1630
Branch's firmware : v5.6.3 build 1547
@viplo: the tunnel interfaces do not need any IP addresses ('unnumbered' will do).
Are you SURE the PCs will allow ping requests? Think of Windows Firewall or any other protection software.
If traffic (like RDP) is only allowed from one side, do you have a policy in place for that direction?
@ede_pfau Thanks you!! It was problem with Windows Defender, i added an rule to allow ICMP's ping and now it's working well i can ping with cmd and use RDP from HQ's PCs to Branch's PCs.
@ede_pfau, I tryed to understand the situation, I didn't suggest to add IP or anything else ;)
I also had also kind of same issue, but it was because of Direct Access, found 2 hours ago.
Cool for you DavidC.