I've got a scenario where I can't seem to get traffic between two sites, to route to a third site over an IPSEC VPN.
Here's the Setup
Site A Fortigate (remote site) --private WAN connection--Site B Fortigate (Primary Site)--IPSEC VPN--Site C (subsidiary site) Palo Alto
I have an IPSEC tunnel setup between Site B and Site C with 2 Phase 2 selectors one for a subnet at Site B, which is working, and one for a subnet at site A which is not working.
Testing has produced the following results:
Tracert from Site A to Site C, stops at the Private WAN interface on the Fortigate at site B
Starting a ping from Site A to Site C:
Packet capture on the Site A Fortigate looking for traffic to Site C shows packets sent but not received
Packet capture on the Site B Fortigate looking for traffic to Site C shows packets sent but not received
Policies on both Site A and B Fortigates show traffic.
I'm at a loss as to where to go with troubleshooting. Policy lookups at Site A show the traffic is allowed, the same for Site B. I don't have access to the Palo Alto at Site C, as it's a subsidiary.