joliva1
New Contributor

Cannot see equipment on both sides of IPsec VPN tunnel, FortiGate 40F 7.04

Hi, I just created an IPsec VPN tunnel with the VPN wizard; the tunnel is up with phase 1 and phase 2. I can reach the remote FortiGate gateway IP with ping, and I am also able to enter the web interface of the remote FortiGate 40F on each side. The problem that I have is that I cannot reach any other equipment on the remote network from either side. I also configured my static routes on each side, and the firewall policies. Any ideas of what I should check in my configuration? Thanks in advance.

Jaime
4 REPLIES
adambomb1219
SuperUser

Sounds to me like a return route is missing?

joliva1
New Contributor

Thank you for your fast reply. I had checked the remote routes and they seem good. I tried a traceroute from my laptop to the FortiGate 40F and it was successful:

Traza a 192.168.0.1 sobre caminos de 30 saltos como máximo.

  1    <1 ms    <1 ms    <1 ms  192.168.11.99
  2    60 ms    62 ms    63 ms  192.168.0.1

Traza completa

When I try from the laptop to reach the remote PC, this is what I get:

 

Traza a 192.168.0.184 sobre caminos de 30 saltos como máximo.

  1    <1 ms    <1 ms    <1 ms  192.168.11.99
  2    62 ms    62 ms    62 ms  customer-nMCA-211-110.megared.net.mx [187.245.211.110]
  3     *        *        *     Tiempo de espera agotado para esta solicitud.
  4     *        *        *     Tiempo de espera agotado para esta solicitud.

 

Thanks again

 

Jaime
Christian_89
Contributor III

Hello 

 

If you have successfully established the IPsec VPN tunnel between two FortiGate 40F devices and can reach the remote FortiGate gateway IP, but cannot reach any other equipment on the remote network, there are a few things you can check:

1. Firewall policies: Ensure that you have configured the appropriate firewall policies to allow traffic between the local and remote networks. Check both the incoming and outgoing policies to make sure they are correctly configured.

2. Routing: Verify that you have configured the static routes correctly on both FortiGate devices. The routes should point to the correct next-hop IP addresses for the remote networks. Double-check the routing table on each device to ensure the routes are present and correct.

3. NAT: If you are using Network Address Translation (NAT), make sure you have configured it properly. Check if NAT rules are interfering with the VPN traffic or causing address translation issues.

4. Subnet overlap: Ensure that there is no overlapping IP address space between the local and remote networks. If there is an overlap, it can cause routing and connectivity problems.

5. VPN phase 2 settings: Review the Phase 2 settings for the VPN tunnel on both FortiGate devices. Make sure the local and remote subnets are correctly configured and match the actual networks.

6. Traffic logging: Enable logging for the relevant firewall policies and review the logs to see if any traffic is being blocked or denied. This can provide valuable information about why the connectivity is not working.

7. Firmware version: Check if you are running the latest firmware version on both FortiGate devices. There might be known issues or bug fixes related to IPsec VPN that could impact connectivity.

If you have checked all these aspects and are still unable to reach other equipment on the remote network, it might be helpful to consult the Fortinet documentation, forums, or support resources for further assistance.
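
An added example, not part of any post in this thread: a Python script that parses the two tracert outputs quoted above and reports whether the target answered and whether a trace to a private address shows a public hop. A public hop on a path between two private LANs is the kind of result that points back at the routing and Phase 2 subnet checks (items 2 and 5). The function name `analyze_trace` is made up for this example.

```python
import ipaddress
import re

# tracert output copied from the thread (Windows, Spanish locale).
TRACE_GATEWAY = """\
Traza a 192.168.0.1 sobre caminos de 30 saltos como máximo.
  1    <1 ms    <1 ms    <1 ms  192.168.11.99
  2    60 ms    62 ms    63 ms  192.168.0.1
Traza completa
"""
TRACE_HOST = """\
Traza a 192.168.0.184 sobre caminos de 30 saltos como máximo.
  1    <1 ms    <1 ms    <1 ms  192.168.11.99
  2    62 ms    62 ms    62 ms  customer-nMCA-211-110.megared.net.mx [187.245.211.110]
  3     *        *        *     Tiempo de espera agotado para esta solicitud.
  4     *        *        *     Tiempo de espera agotado para esta solicitud.
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")  # hop number, then the rest of the line


def analyze_trace(text):
    """Summarise one tracert run: target, last reply, public hops on a private path."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    target = ipaddress.ip_address(IPV4.search(lines[0]).group())
    hops = []  # (hop number, address, or None when every probe timed out)
    for line in lines[1:]:
        m = HOP.match(line)
        if not m:
            continue  # trailer such as "Traza completa"
        addrs = IPV4.findall(m.group(2))
        addr = ipaddress.ip_address(addrs[-1]) if addrs else None
        hops.append((int(m.group(1)), addr))
    answered = [(n, a) for n, a in hops if a is not None]
    return {
        "target": str(target),
        "reached": any(a == target for _, a in answered),
        "last_reply": str(answered[-1][1]) if answered else None,
        # Between two private LANs joined by a tunnel, every hop should be private.
        "public_hops": [(n, str(a)) for n, a in answered
                        if target.is_private and not a.is_private],
    }


if __name__ == "__main__":
    for trace in (TRACE_GATEWAY, TRACE_HOST):
        print(analyze_trace(trace))
```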

joliva1
New Contributor

Thank you so much for the answer, Christian. I will double-check everything; it may be one of these. Thanks.

Jaime