Hi Everyone
I have two Fortigates (200D & 90D) configured with a site-to-site VPN. From my headquarters I can get into the branch office and open up network resources and RDP sessions without a problem; however, from my branch I cannot get into my HQ, the traffic keeps going public and not through the IPsec tunnel.
I have 2 other branches in this configuration and they work perfectly fine, also a 200D to a 90D.
Any advice or something I might be missing?
Do you have a sanitized version of your config you can share?
Sounds like an erroneous route or something causing an issue.
Mike Pruett
At the remote site, do you have a static route back down the tunnel with a lower distance than the default? That is needed so traffic goes the right way. Usually that's the missing link.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Here is some of the tunnel and routing config I have
    next
    edit "CPT2CTU_local"
        set uuid 78f0da54-e6cf-51e6-f86c-5829e5ddd10f
        set member "CPT2CTU_local_subnet_1"
        set comment "VPN: CPT2CTU (Created by VPN wizard)"
    next
    edit "CPT2CTU_remote"
        set uuid 793fcede-e6cf-51e6-1c3f-7c85eb534319
        set member "CPT2CTU_remote_subnet_1" "CPT2CTU_remote_subnet_2"
        set comment "VPN: CPT2CTU (Created by VPN wizard)"
Routing
config router static
    edit 1
        set gateway 196.22.249.57
        set priority 10
        set device "wan1"
        set comment "Routes the traffic between the staff LAN and the staff External connection"
    next
    edit 3
        set dst 10.1.0.0 255.255.254.0
        set device "STUCPT2MAIN"
    next
    edit 4
        set dst 172.16.1.0 255.255.255.0
        set priority 1000
        set device "CPT2CTU"
        set comment "VPN: CPT2CTU (Created by VPN wizard)"
    next
Policy
    next
    edit 7
        set name "vpn_CPT2CTU_local"
        set uuid 794bd85a-e6cf-51e6-93ba-e2ecd261976a
        set srcintf "internal12"
        set dstintf "CPT2CTU"
        set srcaddr "CPT2CTU_local"
        set dstaddr "CPT2CTU_remote"
        set action accept
        set schedule "always"
        set service "ALL"
        set comments "VPN: CPT2CTU (Created by VPN wizard)"
    next
    edit 10
        set name "vpn_CPT2CTU_remote"
        set uuid 79744196-e6cf-51e6-f154-662acf16d345
        set srcintf "CPT2CTU"
        set dstintf "internal12"
        set srcaddr "CPT2CTU_remote"
        set dstaddr "CPT2CTU_local"
        set action accept
        set schedule "always"
        set service "ALL"
        set comments "VPN: CPT2CTU (Created by VPN wizard)"
    next
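As an added illustration (not part of the thread), here is a small Python model of FortiOS static-route selection run over the three routes posted above: longest prefix match first, then lowest administrative distance, then lowest priority. It assumes the default static distance of 10 where none is set, and the destinations it tests (including a hypothetical second HQ subnet 172.16.2.0/24 with no static route) are constructed for the example.

```python
import ipaddress

# Static routes transcribed from the posted config. FortiOS static routes
# default to distance 10 when none is set; an omitted dst means 0.0.0.0/0.
STATIC_ROUTES = [
    {"seq": 1, "dst": "0.0.0.0/0",     "device": "wan1",        "distance": 10, "priority": 10},
    {"seq": 3, "dst": "10.1.0.0/23",   "device": "STUCPT2MAIN", "distance": 10, "priority": 0},
    {"seq": 4, "dst": "172.16.1.0/24", "device": "CPT2CTU",     "distance": 10, "priority": 1000},
]


def select_route(dst_ip, routes=STATIC_ROUTES):
    """Return the route FortiOS would use for dst_ip, or None if no route matches.

    Order modelled: the longest matching prefix wins; among equal-length
    prefixes only the lowest distance stays in the routing table; among
    those, the lowest priority is preferred.
    """
    ip = ipaddress.ip_address(dst_ip)
    candidates = [r for r in routes if ip in ipaddress.ip_network(r["dst"])]
    if not candidates:
        return None
    longest = max(ipaddress.ip_network(r["dst"]).prefixlen for r in candidates)
    best = [r for r in candidates
            if ipaddress.ip_network(r["dst"]).prefixlen == longest]
    best.sort(key=lambda r: (r["distance"], r["priority"]))
    return best[0]


def egress_device(dst_ip, routes=STATIC_ROUTES):
    """Name of the interface the packet would leave on (None if unroutable)."""
    route = select_route(dst_ip, routes)
    return route["device"] if route else None


if __name__ == "__main__":
    # Constructed sample destinations: one inside the wizard's /24 route,
    # one in a hypothetical second HQ subnet that has no static route, and
    # one covered by the STUCPT2MAIN route.
    for dst in ("172.16.1.10", "172.16.2.10", "10.1.1.5"):
        print(f"{dst} -> {egress_device(dst)}")
```

A destination that is in the phase-2 remote address group but has no static route pointing at the tunnel interface falls through to the wan1 default route, which is exactly the "traffic goes public" symptom; `get router info routing-table details <ip>` on the branch unit shows the same decision.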