Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

IPSec VPN Tunnel only working one-way

There was a power outage at our remote site and since then the IPsec tunnel appears to only work in one direction. My remote users can access local resources, but I cannot so much as ping anything on the other side of the remote firewall. I am able to interface with the remote firewall through its web interface. I can also ping the remote devices from the remote firewall but not directly from my computer. We use a site-to-site IPsec VPN tunnel. The remote side is behind a NAT. The problem appears to be with the remote firewall, but I cannot see any policies that could be blocking my local computer from interfacing with the remote computers. The local and remote computers are on different subnets, but I have policies that should be allowing them to talk. I updated to the latest firmware update and no change either. The local firewall has not been updated. 


Any ideas on what the culprit could be?

Esteemed Contributor III

Unidirectional traffic can only be connected to the policy not working in that direction. Edit the corresponding policy, change a value, save, re-edit, restore the original value, save. If that doesn't help, I suspect more damage to the remote FGT.


"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"

[strike]But how am I able to access the remote firewall yet I cannot communicate with any device on the other side of it?[/strike]


A colleague of mine helped me figure out the issue. Earlier in the week, I hastily created a separate subnet for a Windows server 2000 for a contractor to remote into. This subnet happened to comprised the hosts that I was wanting to connect to and were being blocked by another policy. When the power outage happened, the implicit deny prioritized this traffic. 

Top Kudoed Authors