Mateusz
New Contributor

Static routing via tunnel

I have a problem, I have double nat done on tunnel_VPN and want to create static routing for another network from tunnel 172.22.0.0/24, but when I check traceroute it sends it out into space. I add a signal to go through my WAN gateway (port1) and add the tunnel_VPN interface I created, but that doesn't work. Can anyone help me?

akristof
Staff

Hello,

It is not really clear what you are trying to do and what the problem is. Can you share more information with us: routing table, traces, etc.?

Adrian
Mateusz

I need to do network routing 172.22.0.0 in the VPN tunnel. I need to access the 172.22.0.0 network.

Attachments: Firewall_police_nat.PNG, Virtual_IP.PNG, static_route_tabel.PNG, IP_Pools.PNG

Mateusz

Attachment: interface.PNG

akristof

Hi,

Thank you. And how is your tunnel configured? Do you have 0.0.0.0/0 as selectors or specific subnets? Also, I want to clarify: is traffic working and only traceroute is showing an incorrect next hop, or is traffic via the tunnel not working at all?

Adrian
Mateusz

Now, yes, traffic to my network 172.16.0.0 works fine; you can connect, but it doesn't go the other way.

Attachments: tracert.PNG, tunel.PNG

akristof

Hi,

Thank you. If I had to guess, it is related to the SNAT. Is there also a FortiGate on the remote end, or is it a different vendor? If it is a FortiGate, then running a debug flow on each device would be the best way to see whether traffic is routed correctly or not.

Adrian
Mateusz

So there is also a FortiGate at the other end.

Mateusz

Ok, and if we have it turned on and tracert goes to my address 192.168.0.1 and it still doesn't work, is the problem with me or on the other end?

akristof

Hello,

In your case, because you don't have an IP address on the tunnel interface, traceroute will show you the IP address of the interface with the lowest index. I recommend running a debug flow on both devices and checking what is happening with the packet.

https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/54688/debugging-the-packet-flow

Adrian