FCVPN (IPSEC), No Bytes Received
Hi,
Trying to set up a FCVPN IPSEC.
The connection is successful with the user's credentials and bytes sent are counting up, but no ICMP reply is received.
We have all --> all set up on Internal/FCLVPN and vice versa.
Looking at the traffic log I see the following error:
iprope_in_check() check failed, drop
src : Internal
dst : root
service : 137/udp
which isn't ping, but the time fits fine.
Also the destination address is wrong (wrong IP).
Any help is appreciated.
Thanks.
I would start by running diag debug flow on the suspected traffic, using a filter for the match (search here for examples on how to use it).
2nd, I would double-check the fwpolicy ordering.
3rd, ensure the fwpolicy is correct and that NAT is not enabled.
You can always provide a copy of the FCVPN cfg that you deployed on the FortiGate.
PCNSE
NSE
StrongSwan
> looking at the traffic log I see the following error on iprope_in_check() check failed, drop src : Internal dst : root service : 137/udp which isn't Ping but time fits fine. and also the destination address is wrong. (wrong ip). any help is appreciated.
- This is not ping traffic but broadcast traffic, and it is dropped by default.
- If the ping can't pass, then a debug is needed:
diag debug reset
diag debug enable
diag debug flow filter clear
diag debug flow filter proto 1
diag debug flow filter addr <client-ip>
diag debug flow show function-name enable
diag debug flow show console enable
diag debug flow trace start 300
Run the above commands, then start the ping.
- Disable the debug afterwards:
diag debug disable
diag debug reset
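A 300-packet flow trace gets long quickly, and what you actually want from it is one verdict per trace_id: which policy allowed the echo request, whether the echo reply from the internal host matched the existing session, and which traces were dropped and why. The script below is an added example, not code from the thread or from Fortinet: it groups the trace lines by trace_id and reduces each to a verdict. The sample lines are constructed in the style of FortiOS `diag debug flow` output (addresses, interface names and policy ID are made up); message wording varies between FortiOS versions, so the regular expressions may need adjusting for a real capture.

```python
import re

# Constructed sample in the style of FortiOS `diag debug flow` output.
# Not a real capture: 10.212.134.200 is the hypothetical FortiClient address,
# 192.168.1.10 the hypothetical internal host, FCLVPN/internal the interfaces.
SAMPLE_TRACE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=1, 10.212.134.200:1->192.168.1.10:2048) from FCLVPN. code=8, type=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5519 msg="allocate a new session-00003dd5"
id=20085 trace_id=1 func=vf_ip4_route_input line=1596 msg="find a route: gw-192.168.1.10 via internal"
id=20085 trace_id=1 func=fw_forward_handler line=670 msg="Allowed by Policy-7:"
id=20085 trace_id=2 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=1, 192.168.1.10:1->10.212.134.200:0) from internal. code=0, type=0, id=1, seq=1."
id=20085 trace_id=2 func=resolve_ip_tuple_fast line=4640 msg="Find an existing session, id-00003dd5, reply direction"
id=20085 trace_id=3 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=17, 192.168.1.20:137->192.168.1.255:137) from internal. "
id=20085 trace_id=3 func=init_ip_session_common line=5519 msg="allocate a new session-00003dd6"
id=20085 trace_id=3 func=iprope_in_check line=361 msg="iprope_in_check() check failed on policy 0, drop"
"""

# Every trace line carries a trace_id and a quoted msg="...".
LINE_RE = re.compile(r'trace_id=(?P<tid>\d+) .*?msg="(?P<msg>.*)"\s*$')
# The packet-detail message gives proto, 5-tuple and ingress interface.
PKT_RE = re.compile(
    r'received a packet\(proto=(?P<proto>\d+), '
    r'(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\) '
    r'from (?P<iface>\S+)\.'
)
ALLOW_RE = re.compile(r'Allowed by Policy-(?P<policy>\d+)')


def parse_debug_flow(text):
    """Group debug-flow lines by trace_id and reduce each trace to one verdict.

    Verdicts: 'allowed' (with the matching policy ID), 'existing-session'
    (reply direction matched a session, no policy lookup), 'dropped' (reason
    kept verbatim), or 'unknown' if no verdict line was seen.
    """
    traces = {}
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        tid = int(m.group("tid"))
        msg = m.group("msg")
        t = traces.setdefault(
            tid, {"trace_id": tid, "verdict": "unknown", "policy": None, "reason": None}
        )
        pkt = PKT_RE.search(msg)
        if pkt:
            t.update(
                proto=int(pkt.group("proto")),
                src=pkt.group("src"), sport=int(pkt.group("sport")),
                dst=pkt.group("dst"), dport=int(pkt.group("dport")),
                iface=pkt.group("iface"),
            )
            continue
        allowed = ALLOW_RE.search(msg)
        if allowed:
            t["verdict"] = "allowed"
            t["policy"] = int(allowed.group("policy"))
        elif "Find an existing session" in msg:
            t["verdict"] = "existing-session"
        elif "Denied by" in msg or "drop" in msg:
            t["verdict"] = "dropped"
            t["reason"] = msg
    return list(traces.values())


def drops(traces):
    """Return only the traces the firewall dropped."""
    return [t for t in traces if t["verdict"] == "dropped"]


def summarize(t):
    """One human-readable line per trace."""
    tuple_ = "proto=%s %s:%s -> %s:%s in %s" % (
        t.get("proto"), t.get("src"), t.get("sport"), t.get("dst"), t.get("dport"), t.get("iface")
    )
    detail = t["reason"] if t["verdict"] == "dropped" else (
        "policy %s" % t["policy"] if t["policy"] is not None else "")
    return "trace %d: %s  %s %s" % (t["trace_id"], tuple_, t["verdict"], detail)


if __name__ == "__main__":
    parsed = parse_debug_flow(SAMPLE_TRACE)
    for trace in parsed:
        print(summarize(trace))
    print("dropped traces:", [t["trace_id"] for t in drops(parsed)])
```

Run against the real trace (paste the console output into a file and feed it to `parse_debug_flow`); with the `proto 1` filter from the commands above, only the ICMP traces appear, so a reply that never shows up as an `existing-session` trace on the internal interface points at the host or its routing rather than at the FortiGate policy.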
