AUT_Maverick
New Contributor III

IPSec Routing

We have established a VPN connection with a FortiGate firewall in Stockerau.
Steyr -> Stockerau works.
Stockerau -> Steyr unfortunately not, it is not routed into the VPN tunnel although there is a static route with 10.30.0.0/16.

HUVA
kmohan
Staff

Hi,

Check the inbound and outbound traffic on the policy, then check the static route: whether the Steyr traffic is sent via the same GW or not.

Karthick
kmohan

Take a debug flow.

Karthick
princes
Staff

Hi,

You need to make sure the route which you have created for this particular destination is active in the routing table.

# get router info routing-table details 10.30.0.0

(Make sure the route is shown with the * sign.)

Also make sure there is no policy route created for the same with any other interface.

Also make sure you have an outbound policy allowing traffic from your LAN towards the tunnel interface.

If you still see that the traffic for this subnet is taking the default route instead of the tunnel interface route, verify the flow with debug flow.


# diagnose debug flow filter sa <source-IP_lan-PC>
# diagnose debug flow filter da <10.30.0.x>
# diagnose debug flow show function-name enable
# diagnose debug flow trace start 100
# diagnose debug enable

You can also refer to the article below for debugging:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPN-is-up-but-network-is-not-r...

Regards,

prince
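
The check described in the reply above, as an added example that is not part of the forum posts and is not Fortinet code: a Python script that reads captured debug flow output and reports packets destined for the remote subnet whose route lookup chose an interface other than the tunnel. The trace lines are constructed and modelled on typical `diagnose debug flow` output; the interface names (`port2`, `wan1`, `to-Steyr`), addresses and line layout are assumptions to adjust to your own capture.

```python
import ipaddress
import re

# Constructed sample trace (assumption: typical debug flow line layout).
# Interface names and addresses are made up for this example.
SAMPLE_TRACE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=1, 10.20.1.15:1->10.30.0.25:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5666 msg="allocate a new session-0001a2b3"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-192.0.2.1 via wan1"
id=20085 trace_id=2 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=1, 10.20.1.16:1->10.30.4.7:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=2 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-10.30.4.7 via to-Steyr"
'''

# Packet header line: source, destination and ingress interface.
PKT_RE = re.compile(r'trace_id=(\d+) .*received a packet\(proto=\d+, '
                    r'([\d.]+):\d+->([\d.]+):\d+\) from (\S+)\. ')
# Route lookup line: chosen gateway and egress interface.
ROUTE_RE = re.compile(r'trace_id=(\d+) .*find a route: .*gw-([\d.]+) via ([^"\s]+)')


def misrouted(trace, remote_net, tunnel_if):
    """Return traces whose destination is inside remote_net but whose
    route lookup selected an interface other than tunnel_if."""
    net = ipaddress.ip_network(remote_net)
    packets, findings = {}, []
    for line in trace.splitlines():
        m = PKT_RE.search(line)
        if m:
            tid, src, dst, in_if = m.groups()
            packets[tid] = (src, dst, in_if)
            continue
        m = ROUTE_RE.search(line)
        if m and m.group(1) in packets:
            tid, gw, out_if = m.groups()
            src, dst, in_if = packets[tid]
            if ipaddress.ip_address(dst) in net and out_if != tunnel_if:
                findings.append({"trace_id": int(tid), "src": src, "dst": dst,
                                 "in_if": in_if, "gw": gw, "out_if": out_if})
    return findings


if __name__ == "__main__":
    for f in misrouted(SAMPLE_TRACE, "10.30.0.0/16", "to-Steyr"):
        print("trace {trace_id}: {src} -> {dst} left via {out_if} "
              "(gw {gw}), not the tunnel".format(**f))
```

A finding here means the lookup preferred another route for that destination, which points back to the routing-table and policy-route checks listed in the reply.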
