I have created an IPsec tunnel between 2 FGTs. The IPsec tunnel is properly configured: I have phase 1 192.168.2.0/24, phase 2 has 10.10.5.0/24 & 10.10.6.0/24, and I have the same policy for both the 10.10.5.0/24 & 10.10.6.0/24 ranges.

Now the issue is that from a few systems in the 192.168.2.x range I am not getting connectivity to the 10.10.5.0/24 range, but 10.10.6.0/24 is getting connected. I have monitored the log: the traffic is reaching the FGT local LAN port for that particular system, but there is no traffic in the log on the 2nd FortiGate. For 10.10.6.0/24 I can see logs on both FortiGates showing that traffic is moving. This is a very strange issue.

Update: now with testing I found that even-numbered IPs are able to access the 10.10.5.0/24 network (i.e. .32 & .172) but IP addresses ending with an odd number are not (i.e. .65 & .169), though from those I am able to access the 10.10.6.0/24 network.

Thanks in advance,
Vishal
FGT100E, FGT100D, FGT300C, FGT300E
FortiOS 5.2, 5.4, 5.6, 6.0, 6.0.2 and 6.2
Network topology please, but what are the local/remote subnets between sites 1 & 2?
e.g
site1
local=10.10.5.0/24
remote=10.10.6.0/24
and
site2
remote=10.10.5.0/24
local=10.10.6.0/24
?????s
What is "192.168.2.0/24" in relationship to your design?
Again a bunch of ?????s . A simple network drawing of the encryption domain would be helpful. Also ensure routing is correct in the design.
Ken Felix
PCNSE
NSE
StrongSwan
Hi Ken Felix,
site1
local=10.10.5.0/24
remote=192.168.2.0/24
local=10.10.6.0/24
remote=192.168.2.0/24
and
site2
remote=10.10.5.0/24
local=192.168.2.0/24
remote=10.10.6.0/24
local=192.168.2.0/24
Now the issue is I can access 10.10.6.0/24 from any IP of 192.168.2.0/24, but 10.10.5.0/24 is accessible only from even-numbered IPs like .2 & .32; from odd-numbered IP addresses like 192.168.2.7, 33 I am not able to access 10.10.5.0/network.
Thanks
Issue resolved. The issue was with the static route on the FortiGate for the 10.10.5.0/24 network: there were 2 IPsec tunnels, so there were 2 static routes, and I had an AD value of 1 for both. Later, when I changed the AD value of the secondary tunnel to 10, it was working fine.
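
An added example, not part of the thread or Fortinet's code: a small Python model of the resolution above, showing how two static routes to 10.10.5.0/24 with the same administrative distance become an equal-cost group that splits flows by source address, and how raising the secondary route's distance removes the split. The tunnel names and the modulo-based member selection are assumptions; the thread does not give the actual FortiOS hash.

```python
import ipaddress
from collections import defaultdict

# Constructed sample routes modelled on the thread; tunnel names are hypothetical.
ROUTES_BEFORE = [
    {"dst": "10.10.5.0/24", "device": "tunnel-primary", "distance": 1},
    {"dst": "10.10.5.0/24", "device": "tunnel-secondary", "distance": 1},
    {"dst": "10.10.6.0/24", "device": "tunnel-primary", "distance": 1},
]
# Same table after the fix: the secondary tunnel's distance is raised to 10.
ROUTES_AFTER = [dict(r, distance=10) if r["device"] == "tunnel-secondary" else r
                for r in ROUTES_BEFORE]


def active_routes(routes):
    """Per destination prefix, keep only the routes with the lowest distance."""
    by_dst = defaultdict(list)
    for r in routes:
        by_dst[ipaddress.ip_network(r["dst"])].append(r)
    return {dst: [r for r in rs if r["distance"] == min(x["distance"] for x in rs)]
            for dst, rs in by_dst.items()}


def ecmp_groups(routes):
    """Audit check: prefixes with more than one active egress device."""
    return {str(dst): [r["device"] for r in rs]
            for dst, rs in active_routes(routes).items() if len(rs) > 1}


def egress(routes, src, dst):
    """Return the egress device for one flow, longest prefix match first.

    Assumption: a group member is picked by int(source IP) % member count,
    a simplified stand-in for source-IP-based balancing, not the real hash.
    """
    dst_ip = ipaddress.ip_address(dst)
    matches = [(n, rs) for n, rs in active_routes(routes).items() if dst_ip in n]
    if not matches:
        return None
    _, members = max(matches, key=lambda m: m[0].prefixlen)
    return members[int(ipaddress.ip_address(src)) % len(members)]["device"]


if __name__ == "__main__":
    for src in ("192.168.2.32", "192.168.2.65", "192.168.2.169", "192.168.2.172"):
        print(src, egress(ROUTES_BEFORE, src, "10.10.5.10"),
              egress(ROUTES_AFTER, src, "10.10.5.10"))
```

Running `ecmp_groups` over an exported static route table flags any prefix where a backup tunnel carries live traffic because its distance equals the primary's.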