fortigate 60E 6.4
as an example i'm trying to route whatismyip.com via ipsec tunnel router1 to router2
Router 1 192.168.1.0/24
Router 2 192.168.2.0/24
I can ping anything on router 2 so i can confirm the tunnel is up
but when i try to traceroute whatismyip.com it hangs at my router.
can you help me figure out what i'm doing incorrectly?
Thanks
Details
I have an FQDN that resolves whatismyip.com with its 2 addresses named test
I have policy that routes
incoming interface inside
outgoing router1 to router2
source all
destination test
schedule always
service all
action accept
inspection mode flow based
firewall NAT enabled
no security profile
log enable
policy enabled
I have a static router set
named test
interface router1 to router2
admin distance 10
I can run a policy lookup
inside
protocol ip
protocol number 1
source 192.168.1.100
destination test
it will show that the above policy is the one selected
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Not clear about the topology. Is the 60E = Router2? Or, it sits inbetween Router2 and Internet?
both routers are 60E's
LAN Traffic to whatismyip.com needs to go from router 1 to router 2 then to the cloud
there is a tunnel already setup between the 2 gates
note whatismyip.com is just an example and not the actual website i'm trying to route but used for the example only. so if router 1 public ip is 20.20.20.20 and router 2 30.30.30.30 then whatismyip.com would show 30.30.30.30 as the ip i'm coming from. currently whatismyip.com is just stopping at router1
You must have a set of inbound and outbound policies on both ends without NAT to let 192.168.1.0/24 and 192.168.2.0/24 talk each other over the tunnel. Then your test route pushes traffic to the destination into the tunnel, if the phase2-selectors are including the destination: 192.168.1.0/24<->test. If you're using 0/0<->0/0 for the selector, it includes everything so that's not a problem.
Thanks NAT was the issue
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.