Hello Guys.
I'm facing issue with the Hub and Spoke topology showed in the picture, I added Spoke1 to newly to the topology and I can ping from any device behind the spokes subnets to the subnet behind the spoke1 but not the reverse!
I can ping from (172.16.11.2) behind Spoke1 to (10.11.22.14) behind the Hub.
But, I can not ping from (172.16.11.2) behind Spoke1 to (172.16.6.28) behind Spoke3 (the reverse ping working!).
the funniest thing is that another IP from the same subnet is pingable!
when I try to ping (172.16.6.233) it just works fine.
Any idea?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi All,
the issue is resolved, but I did a work around, I enabled NAT on the outgoing policy on Spoke1
all the other spokes and the hub working without NAT enabled.
something bad happened in the routing when it goes out from spoke1 to the other spokes, I did not figure it out yet.
If any one has an idea please share it here.
Thx
Hi @Moxeq ,
Analyzing the provided there is no routing or configuration issue since you are able to ping another IP from same subnet. I would advise to have a look at the configuration of the device which is not reachable. (Ping the gateway and than ping the spoke 1 subnet)
As per the behaviour it seems ping is not allowed on destination device 172.16.6.28.
To further confirm that traffic is being received and forwarded by Spoke3 Fortigate, kindly run packet capture (sniffer) or debug flow.
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Also please share traceroute to check where the traffic stops.
Hi All,
the issue is resolved, but I did a work around, I enabled NAT on the outgoing policy on Spoke1
all the other spokes and the hub working without NAT enabled.
something bad happened in the routing when it goes out from spoke1 to the other spokes, I did not figure it out yet.
If any one has an idea please share it here.
Thx
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.