Hi,
I have 3 sites connected by VPN and have a problem with communication from LAN2 to LAN3 through 2 VPN tunnels.
Take a look at the attached network diagram.
The VPNs are working fine, so hosts from LAN1 can connect to LAN2 and to 172.20.88.83 and vice versa. But I couldn't get a connection from 10.120.146.0 to 172.20.88.83 via the 10.120.144.5 router (orange line with arrows on the diagram). I tried a few static routes and policy routes, but traffic gets stuck on 10.120.146.254 and doesn't go outside the first tunnel. Could someone help?
So there are 3 hops from the source before the destination. How far can you get when you traceroute/tracert from a device in LAN1? If you can't see the 2nd hop after hitting the local FGT, that means the VPN is not passing the ping. Then check 1) network selectors, 2) routes (going and coming back directions), and 3) policies on both sides.
That should be the beginning of your network troubleshooting process.
Hi,
Is the correct route written to the tunnel for 172.20.88.0/24 on the fw in front of LAN2 and are the necessary rules defined for this connection? Or is there a VIP object related to the 172.20.88.0/24 network written on this firewall?
Did you check these?
Best Regards
Thank you for the replies. I got more time yesterday and realised that I have to add all the subnets to Phase 2 of the VPN. So when I added them everything started working fine. So the problem is resolved. :)
Either that or set the p2 selectors to 0.0.0.0/0.0.0.0 and handle it with policies for each subnet (or address group).
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
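Added example, not part of any post in this thread: a small model of why the flow stopped at the first tunnel, checking a LAN2 to LAN3 packet against the phase 2 selectors of each tunnel it crosses. The /24 masks, the host 10.120.146.10, the tunnel names and the LAN2 -> LAN1 -> LAN3 path are assumptions, since the diagram is not on the page.

```python
from ipaddress import ip_address, ip_network

def selector_matches(selector, src, dst):
    """A phase 2 selector is a (local subnet, remote subnet) pair; a packet
    enters the tunnel only if src and dst both fall inside the pair."""
    local, remote = (ip_network(n) for n in selector)
    return ip_address(src) in local and ip_address(dst) in remote

def first_blocking_tunnel(path, src, dst):
    """Walk the tunnels in order, each seen from its sending side. Return the
    name of the first tunnel with no selector covering the flow, or None."""
    for name, selectors in path:
        if not any(selector_matches(s, src, dst) for s in selectors):
            return name
    return None

# Constructed topology; masks and tunnel names are assumptions.
LAN1, LAN2, LAN3 = "10.120.144.0/24", "10.120.146.0/24", "172.20.88.0/24"
SRC, DST = "10.120.146.10", "172.20.88.83"

# Before: each tunnel only carries selectors for the two LANs it joins.
before = [
    ("LAN2-to-LAN1", [(LAN2, LAN1)]),
    ("LAN1-to-LAN3", [(LAN1, LAN3)]),
]
# After: the transit subnets are added to phase 2 on both tunnels.
after = [
    ("LAN2-to-LAN1", [(LAN2, LAN1), (LAN2, LAN3)]),
    ("LAN1-to-LAN3", [(LAN1, LAN3), (LAN2, LAN3)]),
]
# Alternative from the last reply: wildcard selectors, policies do the filtering.
wildcard = [
    ("LAN2-to-LAN1", [("0.0.0.0/0", "0.0.0.0/0")]),
    ("LAN1-to-LAN3", [("0.0.0.0/0", "0.0.0.0/0")]),
]

if __name__ == "__main__":
    for label, path in (("before", before), ("after", after), ("wildcard", wildcard)):
        blocked = first_blocking_tunnel(path, SRC, DST)
        print(label, "->", blocked or "all tunnels pass")
```

With wildcard selectors the tunnels accept any flow, so the per-subnet firewall policies become the only control on what crosses them.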