Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Multisite traffic over IPSEC VPN Issue.

I've got a scenario where I can't seem to get traffic between two sites, to route to a third site over an IPSEC VPN.


Here's the Setup


Site A Fortigate (remote site) --private WAN connection--Site B Fortigate (Primary Site)--IPSEC VPN--Site C (subsidiary site) Palo Alto 


I have an IPSEC tunnel setup between Site B and Site C with 2 Phase 2 selectors one for a subnet at Site B, which is working, and one for a subnet at site A which is not working.


Testing has produced the following results:

Tracert from Site A to Site C, stops at the Private WAN interface on the Fortigate at site B

Starting a ping from Site A to Site C:

Packet capture on the Site A Fortigate  looking for traffic to Site C shows packets sent but not received

Packet capture on the Site B Fortigate looking for traffic to Site C shows packets sent but not received


Policies on both Site A and B Fortigates show traffic.


I'm at a loss as to where to go with troubleshooting. Policy lookups at Site A show the traffic is allowed, the same for Site B. I don't have access to the Palo Alto at Site C, as it's a subsidiary. 

New Contributor

Was going crazy. Turns out the admin had forgotten to put in a static route to the subnet at Site A.


Hi Beeradmin


Great that you found and fix the issue.

Below is the link you can keep handy for IPSEC troubleshooting in case you need anytime in future




Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors