Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jolato
New Contributor

Created on ‎04-11-2016 05:01 AM

Dont Allow traffic between VPN

hi! 

 

 

I check the politics, statics routes, conf of the VPN of two side and i dont find the error.

 

someone can tell me what is the problem?

 

 

- the politics is: TWO for side host a----> host b and host b ------> host a

 

- the static route is: the internal net to VPN, and the priority 0.

- And the VPN is add to the especific interface

 

 

 

 

 

 

Preview file
86 KB
3830
0 Kudos
4 REPLIES 4
Somashekara_Hanumant
Staff
Staff

Created on ‎04-11-2016 05:46 AM

Hi,

 

From the given information, I could understand you are not able to reach vpn resources on the other side.

 

To further assist you, kindly provide the below command output

 

diag vpn tunnel list

get router info routing-table all

get router info routing-table database

 

Cheers

Somu

Dear Karishma, Thank you for the update. Fortiweb does not support LDAP load balancing. You need to choose any load balance device to achieve this, fortinet also has a device called FortiADC. For more information, kindly get in touch with fortinet sales channel. Please do let me know if you need further assistance with this issue. I will be moving the ticket to 'Pending close confirm' status, the ticket will be open for next five days and auto close on sixth day. Should you have any further queries regarding the case don't hesitate to update this ticket within the 5 day time-frame. Regards, Somu Fortinet EMEA TAC Engineer - L2 Fortinet NSE Level 4

EMEA Technical Support
2308
0 Kudos
jolato
New Contributor
In response to Somashekara_Hanumant

Created on ‎04-11-2016 06:36 AM

Hi Karishma

 

The command: 

diag vpn tunnel list
name=xxxxx ver=1 serial=2 x.x.x.x:0->x.x.x.x:0 lgwy=static tun=intf mode=auto bound_if=5
proxyid_num=1 child_num=0 refcnt=5 ilast=119 olast=119
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=off on=0 idle=5000ms retry=3 count=0 seqno=23
natt: mode=none draft=0 interval=0 remote_port=0
proxyid=VPN-F2 proto=0 sa=1 ref=2 auto_negotiate=1 serial=3 
  src: 0: x.x.x.x/255.255.255.0:0
  dst: 0:x.x.x.x/255.255.255.0:0
  SA: ref=3 options=0000002e type=00 soft=0 mtu=1412 expire=28652 replaywin=2048 seqno=1
  life: type=01 bytes=0/0 timeout=28772/28800
  dec: spi=7a38b0ce esp=aes key=16 51652248a51f8e06eb60a98dd757ddc2
       ah=sha1 key=20 8ae0cbc6d2f9434b7d716569b8caf4651c39504f
  enc: spi=37258492 esp=aes key=16 1bff328c510539cd00a37d7877e56905
       ah=sha1 key=20 fb92d4f2df3c0da6b8e2dd6dd598f7560eafe83d
  dec:pkts/bytes=0/0, enc:pkts/bytes=0/0

 

 

I dont see the error... 

 

 

 

 

2308
0 Kudos
Somashekara_Hanumant
Staff
Staff
In response to Somashekara_Hanumant

Created on ‎04-12-2016 05:46 AM

Hi,

 

Kindly provide the below command output

 

get router info routing-table all get router info routing-table database

 

 

EMEA Technical Support
2308
0 Kudos
jolato
New Contributor

Created on ‎04-12-2016 06:08 AM

Hi.

 

The problem is missing.

 

the solution is downgrading the version of ASA.

 

Thanks and regards

2308
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.