Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
epg_will
New Contributor

IPSec VPN Tunnel only working one-way

There was a power outage at our remote site and since then the IPsec tunnel appears to only work in one direction. My remote users can access local resources, but I cannot so much as ping anything on the other side of the remote firewall. I am able to interface with the remote firewall through its web interface. I can also ping the remote devices from the remote firewall but not directly from my computer. We use a site-to-site IPsec VPN tunnel. The remote side is behind a NAT. The problem appears to be with the remote firewall, but I cannot see any policies that could be blocking my local computer from interfacing with the remote computers. The local and remote computers are on different subnets, but I have policies that should be allowing them to talk. I updated to the latest firmware update and no change either. The local firewall has not been updated. 

 

Any ideas on what the culprit could be?

2 REPLIES 2
ede_pfau
Esteemed Contributor III

Unidirectional traffic can only be connected to the policy not working in that direction. Edit the corresponding policy, change a value, save, re-edit, restore the original value, save. If that doesn't help, I suspect more damage to the remote FGT.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
epg_will

[strike]But how am I able to access the remote firewall yet I cannot communicate with any device on the other side of it?[/strike]

 

A colleague of mine helped me figure out the issue. Earlier in the week, I hastily created a separate subnet for a Windows server 2000 for a contractor to remote into. This subnet happened to comprised the hosts that I was wanting to connect to and were being blocked by another policy. When the power outage happened, the implicit deny prioritized this traffic. 

Labels
Top Kudoed Authors