Working with a client that has the following setup.
1) Data Centre with SonicWall Cluster.
2) Remote Office with Fortigate Cluster (in progress of being added), and a Cisco Router and ASA.
The Remote office has servers with default gateway of 10.103.202.13, which is the Cisco Router, and the ASA (which we are in progress of replacing) is at 10.103.202.44.
The Fortinet has an IP of 10.103.202.1.
There's a site-to-site tunnel between the SonicWall cluster and the Fortigate Cluster to allow transit of 10.150.9.0/24 to 10.103.202.0/24 networks. From the 10.103.202.0/24 network, there are no issues accessing the 10.150.9.0/24 network.
From the 10.150.9.0/24 network, low-level protocols, like ping and DNS, work fine, but anything TCP-heavy does not.
I sniffed traffic and can see that the traffic has TCP retransmission issues.
The path from the Data Centre to the server is - DataCentre Server -> SonicWall -> Fortigate -> Remote Server
The return path back is - Server -> Router -> Fortigate -> SonicWall -> DataCentre Server
I found a workaround and CAN confirm that if I put route add statements on the remote servers for the 10.150.9.0/24 with a gateway of 10.103.202.1, the traffic flow works.
We had the service provider add a route to the Router to do the same thing, but that only seems to work for traffic sourced at the remote site.
The ROUTE ADD statements work, but I'd like to know if there's another option that doesn't involve hitting all the servers directly for this.
Something I've overlooked?
Thanks!
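The return-path mismatch described in the post above can be checked per server from its route table. This is an added example, not part of the original post: the addresses come from the post, while the server names and route tables are constructed samples.

```python
import ipaddress

# Addresses are from the post; server names and route tables are constructed samples.
TUNNEL_GW = ipaddress.ip_address("10.103.202.1")   # FortiGate, tunnel endpoint
DC_NET = ipaddress.ip_network("10.150.9.0/24")     # data centre network behind the tunnel

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None if nothing matches."""
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ipaddress.ip_address(gateway))
    return best[1] if best else None

def off_path_sources(routes):
    """Data centre addresses whose replies would not leave via the FortiGate."""
    return [addr for addr in DC_NET if next_hop(routes, addr) != TUNNEL_GW]

def audit(servers):
    """Map each server to the number of data centre addresses it answers asymmetrically."""
    return {name: len(off_path_sources(routes)) for name, routes in servers.items()}

SERVERS = {
    # Default gateway only: every reply goes to the Cisco router first.
    "srv-default-only": [("0.0.0.0/0", "10.103.202.13")],
    # The workaround from the post: a static route for the whole /24.
    "srv-with-route": [("0.0.0.0/0", "10.103.202.13"),
                       ("10.150.9.0/24", "10.103.202.1")],
    # A route that is too narrow still leaves half the range on the old path.
    "srv-narrow-route": [("0.0.0.0/0", "10.103.202.13"),
                         ("10.150.9.0/25", "10.103.202.1")],
}

if __name__ == "__main__":
    for name, count in audit(SERVERS).items():
        status = "symmetric" if count == 0 else f"{count} addresses return via another gateway"
        print(f"{name}: {status}")
```
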
<I found a workaround and CAN confirm that if I put route add statements on the remote servers for the 10.150.9.0/24 with a gateway of 10.103.202.1, the traffic flow works.>
You may try enabling "icmp-redirect" on the Cisco router, Cisco Router's default gw point to FortiGate 10.103.202.1
Sorry - need to add - we have no access to modify the Cisco devices. They are managed by a 3rd party.
You may try enabling NAT on the FGT IPsec policy.