
Don't allow traffic between VPN




I checked the policies, static routes, and the VPN configuration on both sides and I don't find the error.


Can someone tell me what the problem is?



- The policies are: two per side, host a ----> host b and host b ----> host a


- The static route is: the internal net to the VPN, with priority 0.

- And the VPN is added to the specific interface










From the given information, I could understand you are not able to reach vpn resources on the other side.


To further assist you, kindly provide the below command output


diag vpn tunnel list

get router info routing-table all

get router info routing-table database




Dear Karishma,

Thank you for the update. FortiWeb does not support LDAP load balancing. You need to choose any load balance device to achieve this; Fortinet also has a device called FortiADC. For more information, kindly get in touch with the Fortinet sales channel.

Please do let me know if you need further assistance with this issue. I will be moving the ticket to 'Pending close confirm' status; the ticket will be open for the next five days and auto close on the sixth day. Should you have any further queries regarding the case, don't hesitate to update this ticket within the 5 day time-frame.

Regards,
Somu
Fortinet EMEA TAC Engineer - L2
Fortinet NSE Level 4

EMEA Technical Support

Hi Karishma


The command: 

diag vpn tunnel list
name=xxxxx ver=1 serial=2 x.x.x.x:0->x.x.x.x:0 lgwy=static tun=intf mode=auto bound_if=5
proxyid_num=1 child_num=0 refcnt=5 ilast=119 olast=119
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=off on=0 idle=5000ms retry=3 count=0 seqno=23
natt: mode=none draft=0 interval=0 remote_port=0
proxyid=VPN-F2 proto=0 sa=1 ref=2 auto_negotiate=1 serial=3 
  src: 0: x.x.x.x/
  dst: 0:x.x.x.x/
  SA: ref=3 options=0000002e type=00 soft=0 mtu=1412 expire=28652 replaywin=2048 seqno=1
  life: type=01 bytes=0/0 timeout=28772/28800
  dec: spi=7a38b0ce esp=aes key=16 51652248a51f8e06eb60a98dd757ddc2
       ah=sha1 key=20 8ae0cbc6d2f9434b7d716569b8caf4651c39504f
  enc: spi=37258492 esp=aes key=16 1bff328c510539cd00a37d7877e56905
       ah=sha1 key=20 fb92d4f2df3c0da6b8e2dd6dd598f7560eafe83d
  dec:pkts/bytes=0/0, enc:pkts/bytes=0/0



I don't see the error...
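As an added example (not part of the original post and not Fortinet tooling): a small Python parser for output shaped like the `diag vpn tunnel list` paste above. It masks the ESP/AH key bytes before the text is shared and flags tunnels whose phase-2 selector reports an SA (`sa=1`) while the packet counters stay at zero, which is the state the paste shows. The sample input, tunnel names, addresses and key bytes are constructed.

```python
import re

# Constructed sample in the shape of the output posted above; names, addresses
# and key bytes are placeholders, not values from the thread.
SAMPLE = """\
name=vpn-a ver=1 serial=2 192.0.2.1:0->198.51.100.1:0 lgwy=static tun=intf mode=auto bound_if=5
stat: rxp=0 txp=0 rxb=0 txb=0
proxyid=P2-A proto=0 sa=1 ref=2 auto_negotiate=1 serial=3
  dec: spi=00000001 esp=aes key=16 00112233445566778899aabbccddeeff
       ah=sha1 key=20 000102030405060708090a0b0c0d0e0f10111213
  dec:pkts/bytes=0/0, enc:pkts/bytes=0/0
name=vpn-b ver=1 serial=4 192.0.2.1:0->203.0.113.9:0 lgwy=static tun=intf mode=auto bound_if=5
stat: rxp=120 txp=98 rxb=9000 txb=7000
proxyid=P2-B proto=0 sa=1 ref=2 auto_negotiate=1 serial=5
  dec:pkts/bytes=120/9000, enc:pkts/bytes=98/7000
"""

# "key=<length> <hex bytes>" as printed on the dec:/enc:/ah= lines
KEY_RE = re.compile(r"(key=\d+\s+)[0-9a-fA-F]{16,}")

def redact_keys(text):
    """Mask ESP/AH key bytes so the output can be shared; SPIs are kept."""
    return KEY_RE.sub(r"\1<redacted>", text)

def parse_tunnels(text):
    """Return one dict per tunnel: name, rxp, txp and the phase-2 sa values."""
    tunnels = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("name="):
            tunnels.append({"name": line.split()[0][5:], "rxp": 0, "txp": 0, "sa": []})
        elif not tunnels:
            continue  # ignore anything before the first tunnel header
        elif line.startswith("stat:"):
            for counter in ("rxp", "txp"):
                m = re.search(rf"\b{counter}=(\d+)", line)
                if m:
                    tunnels[-1][counter] = int(m.group(1))
        elif line.startswith("proxyid="):
            m = re.search(r"\bsa=(\d+)", line)
            if m:
                tunnels[-1]["sa"].append(int(m.group(1)))
    return tunnels

def idle_but_up(text):
    """Names of tunnels with an SA present but no packets in either direction."""
    return [t["name"] for t in parse_tunnels(text)
            if any(s >= 1 for s in t["sa"]) and t["rxp"] == 0 and t["txp"] == 0]

if __name__ == "__main__":
    print(redact_keys(SAMPLE))
    print("SA present, no traffic:", idle_but_up(SAMPLE))
```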








Kindly provide the below command output


get router info routing-table all

get router info routing-table database



EMEA Technical Support



The problem is missing.


The solution is downgrading the version of ASA.


Thanks and regards
