Hi, I just created an IPsec VPN tunnel with the VPN wizard; the tunnel is up with phase 1 and phase 2. I can reach the remote FortiGate gateway IP with ping, and I am also able to enter the web interface of the remote FortiGate 40F from each side. The problem that I have is that I cannot reach any other equipment on the remote network from either side. I also configured my static routes on each side, and the firewall policies. Any ideas of what I should check in my configuration? Thanks in advance.
Sounds to me like a return route is missing?
Thank you for your fast reply. I had checked the remote routes and they seem good; I tried a traceroute from my laptop to the FortiGate 40F and it was successful:
Traza a 192.168.0.1 sobre caminos de 30 saltos como máximo.
1 <1 ms <1 ms <1 ms 192.168.11.99
2 60 ms 62 ms 63 ms 192.168.0.1
Traza completa
When I try from the laptop to reach the remote PC, this is what I get:
Traza a 192.168.0.184 sobre caminos de 30 saltos como máximo.
1 <1 ms <1 ms <1 ms 192.168.11.99
2 62 ms 62 ms 62 ms customer-nMCA-211-110.megared.net.mx [187.245.211.110]
3 * * * Tiempo de espera agotado para esta solicitud.
4 * * * Tiempo de espera agotado para esta solicitud.
Thanks again
Hello
If you have successfully established the IPsec VPN tunnel between two FortiGate 40F devices and can reach the remote FortiGate gateway IP, but cannot reach any other equipment on the remote network, there are a few things you can check:
1. Firewall policies: Ensure that you have configured the appropriate firewall policies to allow traffic between the local and remote networks. Check both the incoming and outgoing policies to make sure they are correctly configured.
2. Routing: Verify that you have configured the static routes correctly on both FortiGate devices. The routes should point to the correct next-hop IP addresses for the remote networks. Double-check the routing table on each device to ensure the routes are present and correct.
3. NAT: If you are using Network Address Translation (NAT), make sure you have configured it properly. Check if NAT rules are interfering with the VPN traffic or causing address translation issues.
4. Subnet overlap: Ensure that there is no overlapping IP address space between the local and remote networks. If there is an overlap, it can cause routing and connectivity problems.
5. VPN phase 2 settings: Review the Phase 2 settings for the VPN tunnel on both FortiGate devices. Make sure the local and remote subnets are correctly configured and match the actual networks.
6. Traffic logging: Enable logging for the relevant firewall policies and review the logs to see if any traffic is being blocked or denied. This can provide valuable information about why the connectivity is not working.
7. Firmware version: Check if you are running the latest firmware version on both FortiGate devices. There might be known issues or bug fixes related to IPsec VPN that could impact connectivity.
If you have checked all these aspects and are still unable to reach other equipment on the remote network, it might be helpful to consult the Fortinet documentation, forums, or support resources for further assistance.
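The second traceroute in the question shows the packet for 192.168.0.184 leaving towards an ISP hop instead of entering the tunnel, so the route and policy lookup on the local FortiGate is the first thing to verify. The following FortiOS CLI session is an added example for working through checks 1, 2 and 5 above; it is not from the original post, and the interface names, subnets and the tunnel name "to-remote" are assumptions for illustration.

```fortios
# --- Run on the LOCAL FortiGate 40F (LAN 192.168.11.0/24) ---
# 1. Is the tunnel really up, and which selectors did phase 2 negotiate?
#    The remote subnet (192.168.0.0/24, assumed) must appear in the selectors.
diagnose vpn ike gateway list
diagnose vpn tunnel list

# 2. Which route will a packet for the remote host actually take?
#    Expect "via to-remote" (the IPsec interface), not the WAN interface.
get router info routing-table all
get router info routing-table details 192.168.0.184

# 3. Review the objects the routes and policies are built from.
show router static
show vpn ipsec phase2-interface
show firewall policy

# 4. Watch the packet while the laptop pings 192.168.0.184.
#    Filter is pcap-style; 4 = verbose with interface names, 0 = no count limit.
diagnose sniffer packet any 'host 192.168.0.184 and icmp' 4 0 l

# 5. Let the firewall explain its own decision for that packet.
diagnose debug flow filter clear
diagnose debug flow filter addr 192.168.0.184
diagnose debug flow filter proto 1
diagnose debug console timestamp enable
diagnose debug flow trace start 10
diagnose debug enable
#    ... ping 192.168.0.184 from the laptop now ...
diagnose debug disable
diagnose debug flow trace stop
diagnose debug reset

# What to look for in the flow trace:
#   "find a route: ... via wan1"            -> route problem (step 2), fix the static route
#   "Denied by forward policy check"        -> no policy LAN -> to-remote for this traffic
#   "via to-remote" plus sniffer shows ESP  -> packet left; repeat steps 4-5 on the
#                                             REMOTE FortiGate to see whether it arrives
#                                             and whether the PC's reply comes back
```

If the request reaches the remote LAN but no reply is seen there, the remote PC's default gateway or its host firewall is the next thing to check, not the tunnel.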
Thank you so much for the answer, Christian. I will double check everything; it may be one of these. Thanks.
Copyright 2024 Fortinet, Inc. All Rights Reserved.