Hi, I'm trying to solve a problem with STS configuration.
The tunnel has been created, the VPN connection is up, but there is no traffic.
When I sent a ping from comp1 (first FW) to comp1 (second FW), unfortunately there was 100% loss. Traceroute also goes nowhere.
Thank you.
Hi Roni
I have the same problem with one of my customers.
We use IPsec, FortiClientEMS 6.0.3 and FortiOS 6.0.3. When we downgrade the client to 6.0.0 it works. We have not tried 6.0.1 or 6.0.2 yet.
What versions do you have?
OP, I assume "STS" means site-to-site. In this case, brudy's post would not apply.
You need 4 things for an IPsec VPN to work:
- the tunnel setup itself
- the Quick mode selectors in phase2
- a route to the tunnel interface
- a policy for traffic from/to the tunnel interface
As long as you control both sides of the tunnel (both FGTs) you can always make it work.
Please check that all of the above is working the way you intend it to be. For instance, in the policy table, you can set up traffic from - to and let FortiOS determine the policy it would use. Or in the routing table, you can check which route a specific traffic would use (or the absence of such).
Then, if all is set, we can try to debug this here, with more information supplied, and you tracing live traffic on the FGT.