FWF60D dial-up VPN to FGT100D
Hi
I have a FWF-60D (192.168.8.0/24) connecting via VPN to a FGT-100D (10.1.7.0/24). The link gets established, I have created policies in both firewalls in and out. The FGT-100D doesn't allow me to create a static route due to it being a dial-up. I have created the static route in the FWF-60D.
I can access the 10.1.7.0/24 from 192.168.8.0/24, but not the other way around. When using execute ping-options source 10.1.7.1 (FGT-100D Interface) I can ping 192.168.8.200 (FWF-60D Interface). All other addresses in the subnet break out on the WAN interface and not the VPN, when doing a traceroute.
I have made sure the protocol-number is 0 in config firewall service custom in both firewalls. Both firewalls run 5.2.4.
Any advice would be great!!!
Cheers
hi,
chances are high that the 10-FGT has created a /32 route. Check that in System>Routing>Routing Monitor. Should display as "192.168.8.200/32".
There's an easy cure: create a real site-to-site VPN, not a dial-up. Each type has its advantages and disadvantages, and the dial-in type has the drawback that routing in the other direction is clumsy.
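Why only 192.168.8.200 is reached over the tunnel, shown as an added example that is not part of the thread: a longest-prefix-match lookup over a constructed routing table holding the /32 route described in the reply above. The interface names (wan1, internal, dialup_0), the sample host 192.168.8.10 and the /24 comparison route are assumptions made for illustration.

```python
import ipaddress

# Constructed table modelled on the FGT-100D side of the thread.
# Interface names are hypothetical, not taken from either firewall.
ROUTES_WITH_HOST_ROUTE = [
    ("0.0.0.0/0", "wan1"),             # default route out of the WAN
    ("10.1.7.0/24", "internal"),       # local LAN
    ("192.168.8.200/32", "dialup_0"),  # host route to the dial-up peer only
]

# Same table with a route covering the whole remote subnet (assumed, for comparison).
ROUTES_WITH_SUBNET_ROUTE = ROUTES_WITH_HOST_ROUTE + [("192.168.8.0/24", "dialup_0")]


def lookup(routes, destination):
    """Return (prefix, interface) picked by longest-prefix match, or None."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return (str(best[0]), best[1]) if best else None


def leaking_hosts(routes, remote_subnet, tunnel_iface):
    """List hosts of remote_subnet whose traffic would not enter the tunnel."""
    leaks = []
    for host in ipaddress.ip_network(remote_subnet).hosts():
        match = lookup(routes, str(host))
        if match is None or match[1] != tunnel_iface:
            leaks.append(str(host))
    return leaks


if __name__ == "__main__":
    for dst in ("192.168.8.200", "192.168.8.10"):  # .10 is a constructed sample host
        print(dst, "->", lookup(ROUTES_WITH_HOST_ROUTE, dst))
    for name, table in (("host route only", ROUTES_WITH_HOST_ROUTE),
                        ("with subnet route", ROUTES_WITH_SUBNET_ROUTE)):
        leaks = leaking_hosts(table, "192.168.8.0/24", "dialup_0")
        print(name, ":", len(leaks), "of 254 hosts leave via another interface")
```

With only the host route, every address in 192.168.8.0/24 other than .200 falls through to the default route, which matches the traceroute symptom in the first post.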
Hi
Site-to-Site would be ideal, the problem is that the FWF-60D uses LTE which has a dynamic WAN IP, also no way to use a dynamic DNS.
I don't seem to be able to view System>Routing>Routing Monitor.
Cheers
