mehmet
New Contributor II

Can't reach Virtual IP from another VLAN when using secondary WAN with policy route

I am having trouble when trying to reach a server, which is NATed with a virtual IP address, from VLAN20. Could you please give me some idea of what is stopping VLAN20 from reaching that server?

Debug flow:

id=20085 trace_id=885 func=print_pkt_detail line=5665 msg="vd-root:0 received a packet(proto=6, 192.168.2.3:61108->10.10.10.2:443) from ENKA SITE. flag [S], seq 3245614174, ack 0, win 64240"
id=20085 trace_id=885 func=init_ip_session_common line=5836 msg="allocate a new session-00c7d9b0"
id=20085 trace_id=885 func=_pre_route_auth line=106 msg="pre_route_auth check fail(id=0), drop"

My topology is here:

Vlan10 - 192.168.1.0/24
Vlan20 - 192.168.2.0/24

WAN1 : 10.10.10.2/24
WAN2 : 20.20.20.2/24

STATIC ROUTE : WAN1 - 10.10.10.1 - Priority 0
STATIC ROUTE : WAN2 - 20.20.20.1 - Priority 5

Policy Route : Incoming interface: VLAN20 - Source: 192.168.2.0/24 - Destination : 0.0.0.0/0.0.0.0 - Action: Forward Traffic - Outgoing interface: WAN2 - Gateway: 20.20.20.1

Policy Route (communication between VLANs) : Incoming interface: VLAN20 - Source: 192.168.2.0/24 - Destination : 192.168.1.0/24 - Action: Stop Policy Routing

Firewall Policy

Incoming interface: VLAN10 - Outgoing Interface: WAN1 - Source : 192.168.1.0/24 - Destination: all - Services : ALL - Nat: yes
Incoming interface: VLAN20 - Outgoing Interface: WAN2 - Source : 192.168.2.0/24 - Destination: all - Nat: yes

Incoming interface: VLAN10 - Outgoing Interface: VLAN20 - Source : 192.168.1.0/24 - Destination: 192.168.2.0/24 - Services : ALL - Nat: NO
Incoming interface: VLAN20 - Outgoing Interface: VLAN10 - Source : 192.168.2.0/24 - Destination: 192.168.1.0/24 - Services : ALL - Nat: NO

Virtual IP

name : VNAT - Interface : WAN1 - Type : Static NAT - External IP: 10.10.10.2 - Mapped IP : 192.168.1.10 - Port Forwarding Protocol : TCP - External service Port : 443 - Map to Port 443

Firewall Policy for NAT

Incoming interface: WAN1 - Outgoing Interface: VLAN10 - Source : ALL - Destination: VNAT - Services : ALL - Nat: yes

1 Solution
mehmet
New Contributor II

Fixed the issue by adding the firewall policy below

Incoming Interface : VLAN20 - Outgoing Interface : WAN2 - Source : ALL - Destination : 10.10.10.2 - Service : ALL - Nat : NO

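The setup from the thread, including the policy that resolved it, written out as FortiOS CLI. This is an added example, not CLI output posted by the author: the interface names (VLAN20, WAN1, WAN2), the address-object and policy names, the policy IDs, and the narrowing of the fix policy to the VLAN20 subnet and HTTPS (the post used source ALL and service ALL) are all assumptions. Lines beginning with "#" are annotations rather than commands. The inter-VLAN "Stop Policy Routing" rule is placed above the catch-all because FortiOS evaluates policy routes top-down and uses the first match; the diagnose commands at the end reproduce the debug flow capture from the post.

```text
# Added example: FortiOS CLI view of the thread's setup plus the fix.
# Interface, address-object and policy names are assumptions.

config firewall address
    edit "VLAN20-net"
        set subnet 192.168.2.0 255.255.255.0
    next
    edit "WAN1-VIP-extip"
        # the VIP's external address as a plain address object
        set subnet 10.10.10.2 255.255.255.255
    next
end

config firewall vip
    edit "VNAT"
        set extintf "WAN1"
        set extip 10.10.10.2
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

config router policy
    # Policy routes are evaluated top-down, first match wins, so the
    # inter-VLAN "Stop Policy Routing" rule has to sit above the catch-all.
    edit 1
        set input-device "VLAN20"
        set src "192.168.2.0/255.255.255.0"
        set dst "192.168.1.0/255.255.255.0"
        set action deny
    next
    # No dst set = any destination.
    edit 2
        set input-device "VLAN20"
        set src "192.168.2.0/255.255.255.0"
        set gateway 20.20.20.1
        set output-device "WAN2"
    next
end

config firewall policy
    # The policy that fixed the issue. The post used source ALL and service
    # ALL; this version is narrowed to the VLAN20 subnet and HTTPS (assumption).
    edit 10
        set name "VLAN20-to-VIP-via-WAN2"
        set srcintf "VLAN20"
        set dstintf "WAN2"
        set srcaddr "VLAN20-net"
        set dstaddr "WAN1-VIP-extip"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat disable
    next
    # Inbound policy that applies the VIP (from the post, service narrowed
    # to HTTPS as an assumption).
    edit 11
        set name "WAN1-to-VNAT"
        set srcintf "WAN1"
        set dstintf "VLAN10"
        set srcaddr "all"
        set dstaddr "VNAT"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
    next
end

# Reproduce the debug flow capture from the post while testing from a VLAN20 host.
diagnose debug flow filter clear
diagnose debug flow filter addr 10.10.10.2
diagnose debug flow filter port 443
diagnose debug flow show function-name enable
diagnose debug flow show iprope enable
diagnose debug flow trace start 10
diagnose debug enable
# ... run the test from the VLAN20 host, then stop the trace:
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
```

Run the diagnose block before and after adding policy 10: before, the trace ends in the drop shown in the post; after, the same SYN from 192.168.2.x to 10.10.10.2:443 should be reported as allowed by the new policy. Keeping the fix policy scoped to the VLAN20 subnet and port 443 rather than ALL/ALL limits what else the policy-routed VLAN can reach on the WAN1 address.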
