Fortinet Community

Report Inappropriate Content · ‎04-10-2006

Hello, I' ve managed to up the IPSec VPN tunnel between 2 fortigate firewalls (203.120.174.158 and 203.114.11.58).. However, these 2 public ip addresses abstracted from the external intefaces of fortigate firewalls. In the firewall policy, i have allowed the traffic of private IP addresses (eg. 192.168.31.0 and 200.1.1.0) for both firewalls from internal to external and external to internal. It seems that i couldn' t ping or telnet to remote private IP addresses.. I do a trace route, it seems that the route it goes to default gateway. Please advice. Thanks

abelio · ‎04-11-2006

ORIGINAL: sherman_goh In the firewall policy, i have allowed the traffic of private IP addresses (eg. 192.168.31.0 and 200.1.1.0) for both firewalls from internal to external and external to internal. ^^^^^^^^^^^^^^^^^^

don' t configure external->internal crypt policies to define a standard Ipsec tunnel Try to follow the step-by-step example guide http://kc.forticare.com/default.asp?id=689&Lang=1&SID= and adjust later for your particular situation Another possible source of problems: your second " private" network 200.1.1.x it' s not really " private" in a RFC' s sense.. these Ip' s are public and alive in the internet, so you' ve the additional task to assure that the peer whose private lan is 192.168.31.x/x " knows" how to reach " your" 200.1.1.x subnet and not the public one. In case of you' re using double-wan, etc, take care of this.

regards

__ Abel

Fortinet Community

IPSec VPN between Fortigate60 and Fortigate 200