I've got a scenario where I can't seem to get traffic between two sites, to route to a third site over an IPSEC VPN.
Here's the Setup
Site A Fortigate (remote site) --private WAN connection--Site B Fortigate (Primary Site)--IPSEC VPN--Site C (subsidiary site) Palo Alto
I have an IPSEC tunnel setup between Site B and Site C with 2 Phase 2 selectors one for a subnet at Site B, which is working, and one for a subnet at site A which is not working.
Testing has produced the following results:
Tracert from Site A to Site C, stops at the Private WAN interface on the Fortigate at site B
Starting a ping from Site A to Site C:
Packet capture on the Site A Fortigate looking for traffic to Site C shows packets sent but not received
Packet capture on the Site B Fortigate looking for traffic to Site C shows packets sent but not received
Policies on both Site A and B Fortigates show traffic.
I'm at a loss as to where to go with troubleshooting. Policy lookups at Site A show the traffic is allowed, the same for Site B. I don't have access to the Palo Alto at Site C, as it's a subsidiary.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Was going crazy. Turns out the admin had forgotten to put in a static route to the subnet at Site A.
Hi Beeradmin
Great that you found and fix the issue.
Below is the link you can keep handy for IPSEC troubleshooting in case you need anytime in future
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Troubleshooting-IPsec-VPNs/ta-p/195955
Thanks
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.