Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
zmag
New Contributor

IPSec tunnel, not routing

I have a new IPSec tunnel and I have control over both ends of it.

Local - FG60B 4.0 MR3
Remote - FG60C 4.0 MR1

The tunnel shows successful P1 and P2, but no successful pings. My first step was to tracert to a remote host. The tracert went to the firewall as expected, but then it went out the default gateway, not the virtual interface bound to the tunnel. The route states:

destination = 10.154.154.0/24
device = rmg_dev (virtual interface)

I think that just having this route should force traffic to the virtual interface, even if the tunnel was down, so why would traffic continue to gateway of last resort?
ede_pfau
SuperUser

Apparently the current routing table has not been updated. There is a diag command to gracefully restart the routing daemon but a) I don't remember it now and b) it might lead to instability of the FGT. Save the config (once more) and reboot the FGT. Check that the changes have been picked up now.
Ede Kernel panic: Aiee, killing interrupt handler!
zmag
New Contributor

I'll restart that service tonight as this could potentially take some time to clean up. I do have configs saved from before any of this. I will update this forum with the results. Thanks for the input.
zmag
New Contributor

This has been resolved. I booted the active node, which was a nice test of the cluster (lost only 2 pings, all tunnels stayed up), but still had the routing issue on the new active node. I rebooted the new active node and that fixed the routing issue. Looking for a root cause, I ran a file "diff" but found nothing other than expected changes.
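
The symptom in this thread, modelled as an added example (not part of any post and not Fortinet code): a longest-prefix-match lookup run against the configured routes and against a stale active table, showing why the tracert left via the default gateway. The device name `wan1`, the host `10.154.154.10` and both tables are constructed assumptions; only `10.154.154.0/24` and `rmg_dev` come from the thread.

```python
import ipaddress

# Constructed sample data. CONFIGURED is what the saved config contains;
# ACTIVE is what the forwarding table holds when the new route was never installed.
CONFIGURED = [("0.0.0.0/0", "wan1"), ("10.154.154.0/24", "rmg_dev")]
ACTIVE = [("0.0.0.0/0", "wan1")]  # stale: tunnel route missing


def lookup(table, dst):
    """Longest-prefix match: return (prefix, device) of the most specific
    route in `table` that covers `dst`, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return (str(best[0]), best[1]) if best else None


def missing_routes(configured, active):
    """Routes present in the configuration but absent from the active table."""
    installed = {(str(ipaddress.ip_network(p)), d) for p, d in active}
    return [(p, d) for p, d in configured
            if (str(ipaddress.ip_network(p)), d) not in installed]


def diagnose(configured, active, dst):
    """Compare where the config says traffic should go with where the
    active table actually sends it, and list routes that were not installed."""
    return {
        "expected": lookup(configured, dst),
        "actual": lookup(active, dst),
        "missing": missing_routes(configured, active),
    }


if __name__ == "__main__":
    report = diagnose(CONFIGURED, ACTIVE, "10.154.154.10")
    for key, value in report.items():
        print(f"{key:9}: {value}")
```

When `expected` and `actual` differ and the tunnel prefix appears under `missing`, the configuration is correct and the fault lies in the active table, which matches the outcome reported above.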