Hello everyone,
I’m currently experiencing some issues with our Site-to-Site VPN (FortiOS 7.0.12) that was previously functioning without any problems. It seems that the NAT IP pool is not properly translating the source address, which is causing issues during the Phase 2 negotiation.
As a result, the remote site is unable to establish a proper connection to exit the tunnel. I suspect that this misconfiguration might be affecting the traffic routing and connectivity.
If anyone has encountered a similar issue or has suggestions on how to troubleshoot this, I would greatly appreciate your input!
```
FGTAZ-VM01 # diagnose debug reset
FGTAZ-VM01 # diagnose debug flow filter clear
FGTAZ-VM01 # diagnose debug flow filter addr 192.168.110.11
FGTAZ-VM01 # diagnose debug flow show function-name enable
show function name
FGTAZ-VM01 # diagnose debug flow trace start 100
FGTAZ-VM01 # diagnose debug enable
FGTAZ-VM01 # id=20085 trace_id=2 func=print_pkt_detail line=5844 msg="vd-root:0 received a packet(proto=1, 10.0.1.6:7390->192.168.110.11:2048) tun_id=0.0.0.0 from port2. type=8, code=0, id=7390, seq=814."
id=20085 trace_id=2 func=resolve_ip_tuple_fast line=5930 msg="Find an existing session, id-000000ed, original direction"
id=20085 trace_id=2 func=ipv4_fast_cb line=53 msg="enter fast path"
id=20085 trace_id=2 func=ip_session_run_all_tuple line=7156 msg="SNAT 10.0.1.6->10.0.11.17:7390"
id=20085 trace_id=2 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface VPN-IPSEC, tun_id=0.0.0.0"
id=20085 trace_id=2 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel VPN-IPSEC"
id=20085 trace_id=2 func=ipsec_common_output4 line=778 msg="No matching IPsec selector, drop"
```
Thank you in advance for your help!