Good morning.
I have created an IPsec dial-up tunnel to connect to using FortiClient. Some users use that tunnel for ToIP.
I have problems with SIP UDP traffic 5060. In some cases, the server (172.25.3.7) tries to send SIP traffic to the remote users (192.168.106.0/29) and I get a drop message and the ToIP agents cannot register to the ToIP platform. The problem occurs when I have more than one ToIP user trying to work; with only one user it does not happen.
On the debug I have observed a drop message and I think maybe that's the problem: "No matching IP Selector drop" (172.x.x.x server sends SIP traffic to 192.x.x.x user connected to the dial-up tunnel).
func=__ip_session_run_tuple line=3449 msg="run helper-sip(dir=original)"
id=20085 trace_id=476 func=print_pkt_detail line=5622 msg="vd-root:0 received a packet(proto=17, 172.25.3.7:5060->192.168.106.3:5060) from port9. "
id=20085 trace_id=476 func=resolve_ip_tuple_fast line=5702 msg="Find an existing session, id-134b0eb2, reply direction"
id=20085 trace_id=476 func=npu_handle_session44 line=1159 msg="Trying to offloading session from port9 to IPSEC-ORG, skb.npu_flag=00000400 ses.state=01030004 ses.npu_state=0x03101008"
id=20085 trace_id=476 func=fw_forward_dirty_handler line=399 msg="state=01030004, state2=00000000, npu_state=03101008"
id=20085 trace_id=476 func=__ip_session_run_tuple line=3449 msg="run helper-sip(dir=reply)"
id=20085 trace_id=476 func=ipsecdev_hard_start_xmit line=788 msg="enter IPsec interface-IPSEC-ORG"
id=20085 trace_id=476 func=ipsec_common_output4 line=869 msg="No matching IPsec selector, drop"
On the other hand, I have tried to change the phase 2 route selectors of my tunnel (by default 0.0.0.0 0.0.0.0) and I have configured this, but it still doesn't work.
IPSEC-TUNNEL | 0.0.0.0/0.0.0.0(source) | 192.168.106.0/255.255.255.224(destination). |
All the other traffic works well.
Could you help me please?
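An added example, not part of the original post: a small Python parser that groups debug flow lines like the ones above by trace_id, pulls out the 5-tuple and tunnel interface of every packet dropped with "No matching IPsec selector", and checks the packet against a list of phase 2 selector pairs. The function names are hypothetical, and the sample trace is built from lines quoted in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Trace lines copied from the post above (sample input for this example).
SAMPLE_TRACE = '''\
id=20085 trace_id=476 func=print_pkt_detail line=5622 msg="vd-root:0 received a packet(proto=17, 172.25.3.7:5060->192.168.106.3:5060) from port9. "
id=20085 trace_id=476 func=resolve_ip_tuple_fast line=5702 msg="Find an existing session, id-134b0eb2, reply direction"
id=20085 trace_id=476 func=ipsecdev_hard_start_xmit line=788 msg="enter IPsec interface-IPSEC-ORG"
id=20085 trace_id=476 func=ipsec_common_output4 line=869 msg="No matching IPsec selector, drop"
'''

LINE_RE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"\s*$')
PKT_RE = re.compile(r'received a packet\(proto=(\d+), ([\d.]+):(\d+)->([\d.]+):(\d+)\) from (\S+?)\.')
TUNNEL_RE = re.compile(r'enter IPsec interface-(\S+)')

def selector_drops(trace_text):
    """Group lines by trace_id; return one record per packet dropped for lack of a selector."""
    traces = defaultdict(dict)
    for line in trace_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a flow-trace line
        tid, _func, msg = m.groups()
        rec = traces[tid]
        if (p := PKT_RE.search(msg)):
            rec.update(proto=int(p[1]), src=p[2], sport=int(p[3]),
                       dst=p[4], dport=int(p[5]), in_if=p[6])
        elif (t := TUNNEL_RE.search(msg)):
            rec["tunnel"] = t[1]
        elif "No matching IPsec selector" in msg:
            rec["dropped"] = True
    return [dict(r, trace_id=t) for t, r in traces.items() if r.get("dropped")]

def covered_by(drop, selectors):
    """Return the (source, destination) selector pairs that contain the dropped packet."""
    src = ipaddress.ip_address(drop["src"])
    dst = ipaddress.ip_address(drop["dst"])
    return [(s, d) for s, d in selectors
            if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)]

if __name__ == "__main__":
    posted = [("0.0.0.0/0.0.0.0", "192.168.106.0/255.255.255.224")]  # pair quoted in the post
    for drop in selector_drops(SAMPLE_TRACE):
        print(drop, "covered by:", covered_by(drop, posted))
```

Run over a longer capture, this lists every dropped trace with its addresses so each can be compared against the selector pairs in use on the tunnel.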
Good morning Fortimaster,
Did you try to have a look in our Knowledge Base? You may find an article which could provide a solution.
Just select Knowledge Base, the concerned product and you can easily make a search in our search bar.
Do not hesitate to come back to us if you do not find the solution.
Regards,
Thanks Antony_E
Yes, I have tried to find it but I did not find it.
Hello,
No problem at all.
We will find somebody to find a solution for your question.
Regards,