
IPSec Tunnel Interface is UP, but I can't ping the remote PC

Hi, I have 2 FortiGates, a 60E and a 20C, and I have established the IPSec tunnels for a site-to-site VPN. The tunnel on both FortiGates appears to be up, but I cannot ping between the LAN networks. I have set the static route and added the access policies. I don't know what else to do. If I check the IPSec monitor, I see that there is incoming and outgoing traffic.


In the firewall policy, are you logging all allowed traffic? Do you see any Rx for a particular log entry or only Tx?
You can get more information about the traffic using the debug flow below with appropriate filters.
This would show you where the packet is going.


Hi ShivSagar, thank you. Yes, in the firewall policy I am logging all allowed traffic. With the packet debug flow I see the packet that I send on both FortiGates coming in on the VPN interface. But it still doesn't ping. What I notice on both FortiGates in the IPSec monitor is that there is only Outgoing Data and no Incoming Data.

I don't know what else to do. I deleted the VPNs and recreated them, I did a flush and reset the tunnel, and it remains the same :(


Make sure that the distance for the static routes for the tunnels has a smaller number for the distance than the default.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at:


Hi Bob, thanks for your time. I have configured the static route with a distance of 1 on both FortiGates, but I still can't ping. If you have time, and even if there is a cost involved, could you help me solve this problem, please?




From the CLI, can you check the output of "get router info routing-table details <remote IP>" to view the route it is taking and check whether it's the correct one?


Hi, thank you.

I ran the command get router info routing table details on my FortiGate 60E at my Site A.

And this is the output.









And on my FortiGate 20C at my Site B, I can't run the command, so I ran a packet flow and the packets enter on the VPN interface. I attached the image. I ping to the remote LAN in Site A (







Thank you for your time



Thank you Shivasagar for your time.


I tried to set NAT-T to forced on the FortiGate 20C (Site B), but it doesn't allow this option :(

On my FortiGate 60E (Site A) I have already set NAT-T to forced.

But I still can't ping.


Please collect the below sniffer output at both 20C and 60E. 

"diag sniffer packet any 'host <peer public IP>' 6 0 a"

With this you can confirm whether ESP packets are arriving.

On 20C and 60E, are other IPSec tunnels working fine? If you have a 3rd device, is it possible to configure a tunnel for testing on that and see if it works?
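
One way to read the sniffer capture requested above, as an added example that is not part of the thread or Fortinet's tooling: it counts ESP and IKE packets per direction for the peer, so the "only Outgoing Data" symptom shows up as ESP leaving but never arriving. The line layout matched by the regex is an assumption about the sniffer's summary lines, the function names are hypothetical, and the sample capture is constructed with documentation addresses.

```python
import re
from collections import Counter

# Constructed sample (documentation addresses), not output from the thread.
PEER = "203.0.113.10"
SAMPLE = """\
2024-01-01 10:00:01.100000 wan1 out 198.51.100.20.500 -> 203.0.113.10.500: udp 92
2024-01-01 10:00:01.150000 wan1 in 203.0.113.10.500 -> 198.51.100.20.500: udp 92
2024-01-01 10:00:05.200000 wan1 out 198.51.100.20 -> 203.0.113.10: ESP(spi=0x1a2b3c4d,seq=0x1)
2024-01-01 10:00:06.200000 wan1 out 198.51.100.20 -> 203.0.113.10: ESP(spi=0x1a2b3c4d,seq=0x2)
2024-01-01 10:00:07.200000 wan1 out 198.51.100.20 -> 203.0.113.10: ESP(spi=0x1a2b3c4d,seq=0x3)
"""

# Assumed layout: [timestamp] <iface> <in|out> <src>[.port] -> <dst>[.port]: <summary>
LINE = re.compile(
    r"(?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)")

def classify(m):
    """Label a matched line as esp, natt (UDP/4500), ike (UDP/500) or other."""
    ports = {m["sport"], m["dport"]}
    if m["rest"].startswith("ESP("):
        return "esp"
    if m["rest"].startswith("udp"):
        # UDP/4500 carries both IKE and encapsulated ESP; the summary line cannot split them.
        if "4500" in ports:
            return "natt"
        if "500" in ports:
            return "ike"
    return "other"

def summarize(capture, peer_ip):
    """Count packets to or from the peer per (kind, direction); hex dump lines are skipped."""
    counts = Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if m and peer_ip in (m["src"], m["dst"]):
            counts[(classify(m), m["dir"])] += 1
    return counts

def esp_verdict(counts):
    """Say whether native ESP is seen leaving, arriving, both or not at all."""
    out, inn = counts[("esp", "out")], counts[("esp", "in")]
    if out and inn:
        return "esp-both-ways"
    if out:
        return "esp-out-only"  # the 'only Outgoing Data' symptom
    return "esp-in-only" if inn else "no-esp"

if __name__ == "__main__":
    c = summarize(SAMPLE, PEER)
    print(dict(c), esp_verdict(c))
```

Run it against the capture from each FortiGate: "esp-out-only" on both sides means ESP is being dropped somewhere between the two units rather than by either firewall policy.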

