Liza1
New Contributor III

Routing problem in FortiGate

I have a similar problem. I cannot ping from the router. I want to ping from OPPA to MTAVARI_FILIALI at 192.168.0.136, but I cannot. OPPA can see the route. These are the photos:
1.png

These are the OPPA router routes:
2.png

These are the MTAVARI router routes:
3.png

How can I connect from the OPPA router to the host at 192.168.0.136? In the FortiGate interfaces, I have allowed ICMP (PING), and OSPF is configured to redistribute static routes.

The connection between OPPA and FortiGate uses OSPF, while the connection between FortiGate and the MTAVARI router uses static routing.

Please let me know if you identify any issues.
FortiGate 

3 REPLIES
nibilki5
New Contributor

Ohhh cool I’ll send screenshots. The next hop from this firewall is the ISP. So the gateway for the static routes when I set those up, should be the ISP gateway? I’ll send interface screenshot shortly and debug results. Thx!

VidMate
Toshi_Esumi
SuperUser

The MTAVARI_FILIALI router doesn't have a return route for either those loopback IPs 172.25.11.1/172.25.12.1, or eth0/0 interface IP 10.10.10.2 depending on which one you're using for the ping source IP.

Toshi

Christian_89
Contributor III

Hello

To solve the routing problem and enable pinging from the OPPA router to the host at 192.168.0.136, you need to verify and ensure the following configurations:

Step-by-Step Troubleshooting

1. **Verify Routing on OPPA Router**:
- Ensure that the route to 192.168.0.0/24 network (which includes 192.168.0.136) is correctly configured on the OPPA router. It should point to the next hop that leads towards the MTAVARI network.

2. **Verify Routing on FortiGate**:
- Since OSPF is configured to redistribute static routes, ensure that the FortiGate is correctly redistributing the route to the 192.168.0.0/24 network.
- Check the routing table on the FortiGate to confirm it has a route to 192.168.0.136.
- Ensure that the OSPF configuration is correct and the necessary networks are included in the OSPF configuration.

3. **Verify Routing on MTAVARI Router**:
- Ensure that the MTAVARI router has a static route back to the OPPA network. This is crucial because even if the OPPA router can send packets towards the MTAVARI network, the MTAVARI router needs to know how to send the responses back.

4. **Ping and Trace Route**:
- From the OPPA router, try to ping the FortiGate interface IP address that connects to the MTAVARI router. This will help to determine if the problem is with the FortiGate to MTAVARI segment.
- Use the `traceroute` command from the OPPA router to 192.168.0.136 to see where the packets are getting dropped.

5. **ICMP Configuration**:
- Ensure that ICMP is allowed on all interfaces involved in the path (OPPA router, FortiGate, MTAVARI router).

6. **NAT and Firewall Rules**:
- Verify that there are no NAT issues or firewall rules blocking the ICMP traffic on any of the devices.
- Check the FortiGate firewall policies to ensure that traffic is allowed from the OPPA network to the MTAVARI network.

Example Commands for Verification

On OPPA Router:
```shell
# Show the routing table
show ip route

# Ping FortiGate interface
ping [FortiGate-Interface-IP]

# Traceroute to the target
traceroute 192.168.0.136
```

On FortiGate:
```shell
# Show the routing table
get router info routing-table all

# Show OSPF configuration
get router info ospf status

# Show OSPF database
get router info ospf database
```

On MTAVARI Router:
```shell
# Show the routing table
show ip route

# Ping FortiGate interface
ping [FortiGate-Interface-IP]

# Ensure static route to OPPA network exists
ip route [OPPA-network] [next-hop-IP]
```

Configuration Check on FortiGate for OSPF and Static Routes

Redistribute Static Routes in OSPF:
```shell
config router ospf
    config redistribute "static"
        set status enable
        set metric-type 1
    end
end
```

Example of Adding Static Route on MTAVARI Router:
```shell
ip route [OPPA-network] [next-hop-IP]
```

Common Issues to Check

1. Asymmetric Routing: Ensure that the return path for the ping packets is correctly routed back to the OPPA router.
2. Firewall Policies: Ensure that there are no firewall policies blocking ICMP traffic on FortiGate or the routers.
3. Network Mask Mismatch: Ensure that the network masks are correctly configured on all devices.

By following these steps and verifying the configurations on each device, you should be able to diagnose and resolve the routing issue preventing the ping from OPPA to the host at 192.168.0.136. If issues persist, detailed log analysis on FortiGate and routers can provide further insights.
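The missing return route that Toshi_Esumi points out, and that step 3 above checks for, can be reproduced offline. The following is an added example, not code from any poster in this thread: the routing tables are constructed, and the link subnets, masks and the helper names `lookup`, `trace`, `ping` and `with_return_routes` are assumptions, since the screenshots are not available.

```python
import copy
import ipaddress

# Constructed tables: prefix -> next-hop device, or "connected".
# Link subnets and masks are assumptions; the thread's screenshots are not available.
TABLES = {
    "OPPA": {"10.10.10.0/30": "connected", "172.25.11.1/32": "connected",
             "192.168.0.0/24": "FortiGate"},            # learned via OSPF
    "FortiGate": {"10.10.10.0/30": "connected", "10.20.20.0/30": "connected",
                  "172.25.11.1/32": "OPPA",             # learned via OSPF
                  "192.168.0.0/24": "MTAVARI"},         # static, redistributed
    "MTAVARI": {"10.20.20.0/30": "connected", "192.168.0.0/24": "connected"},
}

def lookup(tables, device, dst):
    """Longest-prefix match on one device; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in tables[device].items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from start; returns (delivered, devices visited)."""
    path = [start]
    for _ in range(max_hops):
        nh = lookup(tables, path[-1], dst)
        if nh is None:
            return False, path          # no route: dropped on path[-1]
        if nh == "connected":
            return True, path           # destination is on an attached network
        path.append(nh)
    return False, path                  # hop limit reached: routing loop

def ping(tables, src_dev, src_ip, dst_ip):
    """Check the echo request path, then the echo reply path."""
    ok, fwd = trace(tables, src_dev, dst_ip)
    if not ok:
        return "request dropped at " + fwd[-1]
    ok, ret = trace(tables, fwd[-1], src_ip)
    return "ok" if ok else "reply dropped at " + ret[-1]

def with_return_routes(tables, prefixes, via="FortiGate"):
    """Copy of tables with static routes added on MTAVARI."""
    fixed = copy.deepcopy(tables)
    fixed["MTAVARI"].update({p: via for p in prefixes})
    return fixed

if __name__ == "__main__":
    for src in ("10.10.10.2", "172.25.11.1"):
        print(src, "->", ping(TABLES, "OPPA", src, "192.168.0.136"))
    fixed = with_return_routes(TABLES, ["10.10.10.0/30", "172.25.11.1/32"])
    print("fixed:", ping(fixed, "OPPA", "172.25.11.1", "192.168.0.136"))
```

The request reaches MTAVARI for both source addresses, so a route being visible on OPPA says nothing about the reply; a return route for only the link subnet still leaves pings sourced from the loopback unanswered.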
