Hi,
I am trying to create "Overlapping subnets for a VPN tunnel" The VPN is UP, but there is no traffic flowing through Tunnel.
I have create Policies but when I checked the Route table, there was no Static Route created by the Wizard, I tried recreating the Tunnel still no Route... Created "Custom", "The remote Site behind NAT" etc. etc. Its not creating Static route.
I tried manually creating static routes still no traffic flow.
Remote LAN: 10.20.30.0/24
Nated IP: 100.100.100.100
Gateway : 70.70.70.70
Local LAN, 192.168.45.0/24
Any help/pointers will be appreciated
Thank you
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
you can refeere to this document:
To configure the IP Pool:
Hello @FortiG-User ,
Can you share all the configuration about this vpn tunnel with us?
Also, did the remote site configure their site according to nat IP right?
Hi,
Thank you for your reply..
Is there a command to print the whole Tunnel config output? Will share the same here..
Yes the other side has created a NATed cnfig on their side.
Thank you
Hello @FortiG-User ,
config vpn ipsec phase1-interface
edit <tunnel_name>
show
end
config vpn ipsec phase2-interface
edit <phase2_name>
show
end
Also, can you share the policy and route configuration?
Hi,
Thank you for your reply...
Following is the output
config vpn ipsec phase1-interface
edit "IPs_VPN_Tunnel"
set interface "wan2"
set ike-version 2
set keylife 28800
set peertype any
set net-device disable
set proposal aes256-sha1
set dhgrp 5
set remote-gw 70.70.70.70
set psksecret ENC YWjGJgTsaIB/S+7LmLZczlX7jtV3IdjMt4yBcRpM7HAeeB9fLSqI5u27rIKEeYBsGfc4BtC47wHqtj5a9VGhA/QAaoGUgT5y8BLUF9K6hamJ1aFBOt4Nhvzwb7fO0UWJ1PdGGg4g9sVZe/5IvXCvTbzatn3x8ci82Dl7ST+DiMylOCoVI0l7LiujoqlXMkg==
next
end
config vpn ipsec phase2-interface
edit "IPs_VPN_Tunnel"
set phase1name "IPs_VPN_Tunnel"
set proposal aes256-sha1
set dhgrp 5
set keylifeseconds 3600
set src-subnet 100.100.100.100 255.255.255.255
set dst-subnet 10.20.30.0 255.255.255.0
next
end
Thank you
Hello @FortiG-User ,
Your vpn configuration seems correct.
If you configured the policy and route like this. It should be working.
Static Route :
Destination: 10.20.30.0/24
Interface: Ipsec Interface
Policy:
Source interface: x.interface
Destination interface: Tunnel_interface
Source: x.x.x.x
Destination: 10.20.30.0/24
Nat: Ip pool - 100.100.100.100
If your configuration is like this, you need to check the other side.
Thank you very much for all your help..
Hi,
you can refeere to this document:
To configure the IP Pool:
Thank you very much... That did the trick... and All set now....
Thank you very much for all your help.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.