
IPsec connection between Teltonika RUT 955 and Fortigate 40F


I have a problem connecting two routers using an IPsec tunnel.


On one side (behind the Teltonika router) I have a Local Area Network with IP (Network A)

Behind the Fortigate I have a LAN with IP (Network B). (Fortigate LAN IPv4 address


My tunnel comes up, but I don't have access from Network A to Network B or the other way.


IPsec tunnel configuration on the Teltonika:


IPsec tunnel configuration on the Fortigate:



Both routers have a fixed IPv4 address (WAN address). My goal is to have full access from one computer in network B to all of network A and vice versa.



Hi @Mateusz28,


Do you have firewall policies to allow the traffic? You can run debug flow to see if the traffic is being dropped by following this article:




Yes, I've allowed all traffic with every protocol between the devices.


Can you run the following commands while reaching network B from A with ping, to see if the traffic is allowed and routed correctly on the FortiGate:

diag debug reset
diag debug flow filter addr X.X.X.X (computer IP where you ping from)
diag debug flow filter proto 1
diag debug flow show ip en
diag debug flow show func en
diag debug console time ena
diag debug ena
diag debug flow trace start 999



Hello Mateusz28, 


Make sure the Local-GW IP you have configured in the IPsec configuration is also present on WAN1, either as a primary IP or a secondary IP.

If the tunnel is already up, both phase1 and phase2 are established and traffic should be flowing.
Are you generating traffic from a host in network 10.1.1.X/24 towards 10.1.0.X/24? 
In that case what you would need to check is: 
1) Routing - is there any static route configured? 
get router info routing-table details x.x.x.x   <-- x.x.x.x is the destination you are trying to ping. 
2) Firewall Policy - are there FW policies configured to allow this traffic? 
You would need 2 policies, one LAN -> IPSEC, the other IPSEC -> LAN for the return traffic.
Double-check the configuration just in case, sometimes there is a small thing that has caused the issue. 
If all of the above is checked and configured correctly, try setting NAT-T to forced on the FGT side, just in case some traffic is being dropped by the ISP.
Hope this helps.
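
An added example, not part of any post in this thread: a Python script that reads the output of the debug flow commands given earlier and maps each traced packet to the routing or firewall-policy check listed in the reply above. The sample lines are constructed, modelled on typical FortiOS debug-flow output (wording can differ between versions), and the interface names `lan`, `wan1` and `to-teltonika` are assumptions.

```python
import re

# Constructed sample, modelled on typical FortiOS debug-flow lines (not from the thread).
# "lan", "wan1" and "to-teltonika" are assumed interface names.
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5723 msg="vd-root:0 received a packet(proto=1, 10.1.1.10:1->10.1.0.20:2048) from lan. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-192.0.2.1 via wan1"
id=20085 trace_id=1 func=fw_forward_handler line=640 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5723 msg="vd-root:0 received a packet(proto=1, 10.1.1.10:1->10.1.0.20:2048) from lan. type=8, code=0, id=1, seq=2."
id=20085 trace_id=2 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.1.0.20 via to-teltonika"
id=20085 trace_id=2 func=fw_forward_handler line=799 msg="Allowed by Policy-3:"
id=20085 trace_id=2 func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-to-teltonika"
'''

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"')
PATTERNS = {
    "in_if": r'received a packet\(.*\) from (\S+?)\. ',
    "out_if": r'find a route: .* via (\S+)',
    "allowed": r'Allowed by Policy-(\d+)',
    "denied": r'Denied by forward policy check \(policy (\d+)\)',
}

def parse_flows(trace):
    """Group debug-flow lines by trace_id and pull out interface/policy facts."""
    flows = {}
    for tid, msg in LINE.findall(trace):
        flow = flows.setdefault(int(tid), {"rpf_fail": False})
        for key, pat in PATTERNS.items():
            if (m := re.search(pat, msg)):
                flow[key] = m.group(1)
        flow["rpf_fail"] |= "reverse path check fail" in msg
    return flows

def diagnose(flow, tunnel_if):
    """Map one traced packet to the check from the thread that it points at."""
    if flow["rpf_fail"]:
        return "routing: no route back to the source via the ingress interface"
    out_if = flow.get("out_if")
    if out_if and tunnel_if not in (out_if, flow.get("in_if")):
        return f"routing: sent via {out_if}, not {tunnel_if}; check the static route"
    if "denied" in flow:
        return f"policy: denied by policy {flow['denied']}; check LAN<->IPsec policies"
    if "allowed" in flow:
        return f"ok: allowed by policy {flow['allowed']} and routed via {out_if}"
    return "inconclusive: no route or policy verdict in the trace"

if __name__ == "__main__":
    for tid, flow in sorted(parse_flows(SAMPLE).items()):
        print(tid, diagnose(flow, "to-teltonika"))
```

The routing check runs before the policy check because a packet routed out the wrong interface is usually matched against the wrong policy pair, so the deny it reports is a symptom rather than the cause.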

