Ping reply but no sent Ping and also destination unreachable
Got 2 Fortigate 100E's at 2 branches; these run BGP and connect in a hub and spoke setup to our head office with a site to site VPN. We have 2 sub-interfaces on each of the branch Fortigates (v7) for our VOIP phones. The setup is this: siteA has a main LAN of 192.168.1.20 and a sub-interface for VOIP of 192.168.2.20, and there is a phone server on there on an IP of 192.168.2.215. siteB has a main LAN of 192.168.70.20 and a sub-interface for VOIP of 192.168.159.20 and has a phone server on there on 192.168.159.6.
I can ping successfully from the Fortigates from 192.168.2.20 to 192.168.159.6 and also from 192.168.2.215 to 192.168.159.20 and from 192.168.159.20 to 192.168.2.20 and 192.168.2.215, so the sub-interfaces can see the devices on the sub-interfaces both ways. However, if I do a source ping from the phone servers on 192.168.2.215 and 192.168.159.6 to each other then I get no response.
I've run a packet sniffer on both sides and, weirdly enough, on the one when pinging from siteA, from 192.168.2.215 to 192.168.159.6, I get an Echo Ping Reply from 192.168.159.6 (source) to 192.168.2.215 (dest) but then a destination unreachable from 192.168.2.215 (source) to 192.168.159.6 (dest). If I then run it from siteB I ONLY get an Echo Ping Reply from 192.168.2.215 (source) to 192.168.159.6 (dest) but no Echo request?
I've tried putting in a firewall rule on both sides to allow ICMP through from VOIP to the VPN HUB but it doesn't make any difference.
Anyone see what I'm doing wrong here or missing?
Thanks (and I'm hoping I've written that down correctly :) )
I added a firewall rule to test for the siteA SIP as the source to siteB SIP as the dest and allowed ICMP, and was getting a ping reply from siteB to siteA, but the request again is showing as Destination Unreachable (Protocol Unreachable)... Just tried it again and there's nothing on either side... Not sure if there's just a network issue that keeps going up and down.