Hello,
a remote site dials into my FortiGate via Custom VPN. The connection is also established.
Unfortunately, the remote addresses are not reachable.
What could be the reason for this?
The static routes are set and the policies are also set up.
Another site-to-site VPN works.
192.168.101.0/24 = Remote Dial Up Network
192.168.25.0/24 = Remote Site to Site VPN Network
Configuration (phase 1 interface, followed by the phase 2 interface that references it):

```
edit "Remote_location"
    set type dynamic
    set interface "wan_fiber"
    set keylife 28800
    set mode aggressive
    set peertype one
    set net-device disable
    set proposal aes256-sha256
    set localid "DialInLocation"
    set dhgrp 5
    set peerid "RemoteLocation"
    set psksecret ENC PSK
    set dpd-retryinterval 60
next
```

```
edit "Remote_location"
    set phase1name "Remote_location"
    set proposal aes256-sha256
    set pfs disable
    set src-addr-type name
    set dst-addr-type name
    set keylifeseconds 28800
    set src-name "HomeLocation_subnets"
    set dst-name "Remote_subnets"
next
```
Routing table and the detailed entries for the two VPN prefixes:

```
Routing table for VRF=0
S *> 0.0.0.0/0 [10/0] via own_public_wan_gateway, wan_fiber, [100/0]
C *> own_public_wan_network/29 is directly connected, wan_fiber
C *> 192.168.1.0/24 is directly connected, lan
S 192.168.25.0/24 [254/0] is a summary, Null, [1/0]
S *> 192.168.25.0/24 [10/0] via Site-To-Site_VPN tunnel PUBLICIP_REMOTE_S2S, [1/0]
S 192.168.101.0/24 [15/0] via Remote_location tunnel PUBLICIP_REMOTE, [1/0]
S 192.168.101.0/24 [254/0] is a summary, Null, [1/0]
S *> 192.168.101.0/24 [10/0] is directly connected, Remote_location, [1/0]

Routing table for VRF=0
Routing entry for 192.168.101.0/24
  Known via "static", distance 15, metric 0
  via Remote_location tunnel PUBLICIP_REMOTE vrf 0, tun_id
Routing entry for 192.168.101.0/24
  Known via "static", distance 254, metric 0
  directly connected, Null
Routing entry for 192.168.101.0/24
  Known via "static", distance 10, metric 0, best
  * directly connected, Remote_location

Routing table for VRF=0
Routing entry for 192.168.25.0/24
  Known via "static", distance 254, metric 0
  directly connected, Null
Routing entry for 192.168.25.0/24
  Known via "static", distance 10, metric 0, best
  * via S2S_VPN tunnel PUBLICIP_REMOTE_S2S vrf 0, tun_id
```
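As an added example (not part of the original post and not a FortiOS tool), here is a small Python parser for the `get router info routing-table all` output quoted above. The sample input is the post's own table, embedded here as a constructed string with its anonymised placeholders kept. The script lists every prefix that has more than one candidate route and flags any prefix whose route to a named tunnel peer is not the installed route because a lower-distance candidate wins, which is exactly the situation the table shows for 192.168.101.0/24. The placeholder names (own_public_wan_gateway, PUBLICIP_REMOTE, Remote_location) are taken from the post; the function names are this example's own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the routing-table lines quoted in the post above,
# with its anonymised placeholders left as they are.
ROUTING_TABLE = """\
Routing table for VRF=0
S *> 0.0.0.0/0 [10/0] via own_public_wan_gateway, wan_fiber, [100/0]
C *> own_public_wan_network/29 is directly connected, wan_fiber
C *> 192.168.1.0/24 is directly connected, lan
S 192.168.25.0/24 [254/0] is a summary, Null, [1/0]
S *> 192.168.25.0/24 [10/0] via Site-To-Site_VPN tunnel PUBLICIP_REMOTE_S2S, [1/0]
S 192.168.101.0/24 [15/0] via Remote_location tunnel PUBLICIP_REMOTE, [1/0]
S 192.168.101.0/24 [254/0] is a summary, Null, [1/0]
S *> 192.168.101.0/24 [10/0] is directly connected, Remote_location, [1/0]
"""

# One FortiOS routing-table line: protocol code, optional '*>' (installed in
# the FIB), prefix, optional [distance/metric] (absent on connected routes),
# and the next-hop text as printed.
ROUTE_RE = re.compile(
    r"^(?P<proto>[A-Z])\s+"
    r"(?P<sel>\*>\s+)?"
    r"(?P<prefix>\S+)"
    r"(?:\s+\[(?P<dist>\d+)/(?P<metric>\d+)\])?"
    r"\s+(?P<rest>.*)$"
)


@dataclass
class Route:
    proto: str        # S static, C connected, B BGP, ...
    selected: bool    # True when the line carries '*>'
    prefix: str
    distance: int     # administrative distance; 0 for connected routes
    metric: int
    nexthop: str      # text after the [dist/metric] field

    @property
    def is_blackhole(self) -> bool:
        # FortiOS prints blackhole routes as 'is a summary, Null'
        return "Null" in self.nexthop

    @property
    def tunnel_peer(self) -> Optional[str]:
        # 'via <iface> tunnel <peer>' names a specific IPsec peer; a plain
        # 'is directly connected, <iface>' route does not.
        m = re.search(r"via (\S+) tunnel (\S+)", self.nexthop)
        return m.group(2).rstrip(",") if m else None


def parse_routing_table(text: str) -> List[Route]:
    routes: List[Route] = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue  # headers such as 'Routing table for VRF=0'
        routes.append(Route(
            proto=m["proto"],
            selected=m["sel"] is not None,
            prefix=m["prefix"],
            distance=int(m["dist"]) if m["dist"] else 0,
            metric=int(m["metric"]) if m["metric"] else 0,
            nexthop=m["rest"].strip(),
        ))
    return routes


def candidates_by_prefix(routes: List[Route]) -> Dict[str, List[Route]]:
    """Prefixes that have more than one candidate route."""
    by_prefix: Dict[str, List[Route]] = defaultdict(list)
    for r in routes:
        by_prefix[r.prefix].append(r)
    return {p: rs for p, rs in by_prefix.items() if len(rs) > 1}


def selected_route(routes: List[Route], prefix: str) -> Optional[Route]:
    return next((r for r in routes if r.prefix == prefix and r.selected), None)


def shadowed_peer_routes(routes: List[Route]) -> Dict[str, Tuple[Route, Route]]:
    """Prefixes where a route to a named tunnel peer is NOT installed because a
    candidate with a lower distance won. Returns {prefix: (installed, losing)}."""
    result: Dict[str, Tuple[Route, Route]] = {}
    for prefix, cands in candidates_by_prefix(routes).items():
        best = next((r for r in cands if r.selected), None)
        if best is None or best.tunnel_peer:
            continue  # nothing installed, or the peer route itself won
        for r in cands:
            if r.tunnel_peer and not r.selected and r.distance > best.distance:
                result[prefix] = (best, r)
    return result


def report(text: str) -> str:
    routes = parse_routing_table(text)
    out: List[str] = []
    for prefix, cands in candidates_by_prefix(routes).items():
        out.append(f"{prefix}: {len(cands)} candidates")
        for r in sorted(cands, key=lambda r: r.distance):
            out.append(f"  {'*>' if r.selected else '  '} [{r.distance}/{r.metric}] {r.nexthop}")
    for prefix, (best, lost) in shadowed_peer_routes(routes).items():
        out.append(f"NOTE {prefix}: route via peer {lost.tunnel_peer} (distance {lost.distance}) "
                   f"is not installed; distance {best.distance} route '{best.nexthop}' wins")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(ROUTING_TABLE))
```

Run on the table above, it reports 192.168.101.0/24 with three candidates, of which the distance-10 "directly connected, Remote_location" entry is installed while the distance-15 route via PUBLICIP_REMOTE is not, and 192.168.25.0/24 installed via its tunnel peer PUBLICIP_REMOTE_S2S. The 254-distance Null entries are listed as candidates but never flagged, since they only take effect when every other route to the prefix disappears.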
Does anyone else here have any ideas?
First, can you ping the gateway address of the main firewall device from the remote firewall device? Then, set up the main firewall device as dial-up and configure the remote firewall device by defining the gateway address of the main firewall device. Make sure you have set up the pre-shared key, authentication methods, policy, and route table. Add the IPsec VPN feature from the monitor section and check if phase 1 is up. If it's not up, try to open debug. If it is up, try to check the phase 2 section again.
Ping is possible from devices in the remote subnet to the remote firewall.
I have checked everything again and all settings are OK.
In the monitor, phase 1 and phase 2 are up.