Hi,
I have problem with connection two routers with using Ipsec Tunel.
In one side (behind Teltonika router) I have Local Area Network with IP 10.1.0.0/24. (Network A)
Behind Fortigate i Have LAN with IP 10.1.1.0/24. (Network B). (Fortigate LAN IPv4 adress 10.1.1.1
My tunel is rising up, but i don't have access from Network A to Network B and other way
Configuration IPSec tunel in Teltonika:
Configuration IPSec tunel in Fortigate:
Both routers have a fixed IPv4 address (WAN address). My purpose is have full access from one computer in network B to all network A and vice versa.
Hi @Mateusz28,
Do you have firewall policies to allow the traffic? You can run debug flow to see if the traffic is being dropped by following this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Regards,
yes, I've allowed every traffic with every protocol between devices
Can you run the following command when reach network B from A with ping protocol to see if traffic is allowed and route correctly on FortiGate:
diag debug reset
diag debug flow filter addr X.X.X.X (computer IP where you ping from)
diag debug flow filter proto 1
diag debug flow show ip en
diag debug flow show func en
diag debug console time ena
diag debug ena
diag debug flow trace start 999
Regards,
Minh
Hello Mateusz28,
Make sure the Local-GW IP you have configured on the IPSEC configuration is also present in the WAN1 either as a primary IP or secondary IP
If the tunnel is already up , both phase1 and phase2 traffic should be flowing.
Are you generating traffic from a host in network 10.1.1.X/24 towards 10.1.0.X/24?
In that case what you would need to check is:
1) Routing - is there any static route configured?
get router info routing-table details x.x.x.x <-- x.x.x.x is the destination you are trying to ping.
2) Firewall Policy - are there FW policies configured to allow this traffic?
You would need 2 policies, one LAN -> IPSEC, the other IPSEC -> LAN for the return traffic.
Double-check the configuration just in case, sometimes there is a small thing that has caused the issue.
If all of the above is checked and configured correctly try setting NAT-T to forced on the FGT side just in case maybe some traffic is being dropped by ISP.
Hope this helps.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.