Hi all,
Need your support on shortcut tunnels. Basically, I am not able to reach from SPOKE_1 to SPOKE_2 via shortcut tunnels. Instead, traffic is getting routed to the Hub tunnel IP rather than to the Spoke_2 tunnel IP. My shortcut tunnel does come up. I can see it in the IPsec monitor, but no data flows through it.
Kindly see the below link for troubleshooting:
Hi
Did you follow the instruction below? If so, in your case you may double-check the routing configuration and behavior.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/978793/advpn
You may refer to the guides below:
Troubleshooting Tip: ADVPN shortcuts are not establishing between Spokes
Troubleshooting Tip: ADVPN shortcut cannot be created and the forward shortcut-query shows as '00000...
On the HUB, net-device should be disabled.
On the Spoke, net-device should be enabled.
Also, make sure that "auto-discovery-receiver" is enabled on the Spokes,
while "auto-discovery-sender" is enabled on the HUB.
Hi @Castle_47,
If the tunnel comes up but no traffic is passing, you need to run debug flow to see why. https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Example:
di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter addr 10.1.1.1
di deb flow filter proto 1
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 500
diagnose debug enable
On the hub, you need a policy to allow traffic from tunnel to tunnel (same incoming and outgoing interfaces).
Regards,
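
The following is an added example, not code from any poster or from Fortinet: a Python script that summarizes debug flow output per trace so the route choice (hub tunnel or shortcut) and the policy verdict are visible at a glance. The sample lines are constructed; the line layout, the parent tunnel name `ADVPN`, and the assumption that shortcut interfaces are named `<parent>_<n>` are assumptions to adjust for your own output.

```python
import re
from collections import defaultdict

# Constructed sample of debug flow output (not from the thread); ids, line
# numbers, addresses and interface names are made up. Trace 3 is the
# implicit deny that a missing tunnel-to-tunnel policy on the hub produces.
SAMPLE = '''\
id=65308 trace_id=1 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 10.1.1.1:1->10.2.2.1:2048) tun_id=0.0.0.0 from port2. type=8, code=0, id=1, seq=0."
id=65308 trace_id=1 func=__vf_ip_route_input_rcu line=2012 msg="find a route: flag=00000000 gw-172.16.0.1 via ADVPN"
id=65308 trace_id=1 func=fw_forward_handler line=989 msg="Allowed by Policy-3:"
id=65308 trace_id=2 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 10.1.1.1:1->10.2.2.1:2048) tun_id=0.0.0.0 from port2. type=8, code=0, id=1, seq=1."
id=65308 trace_id=2 func=__vf_ip_route_input_rcu line=2012 msg="find a route: flag=00000000 gw-172.16.0.3 via ADVPN_0"
id=65308 trace_id=2 func=fw_forward_handler line=989 msg="Allowed by Policy-3:"
id=65308 trace_id=3 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 10.1.1.1:1->10.2.2.1:2048) tun_id=172.16.0.2 from ADVPN. type=8, code=0, id=1, seq=2."
id=65308 trace_id=3 func=__vf_ip_route_input_rcu line=2012 msg="find a route: flag=00000000 gw-172.16.0.3 via ADVPN"
id=65308 trace_id=3 func=fw_forward_handler line=833 msg="Denied by forward policy check (policy 0)"
'''

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"')
PKT = re.compile(r'received a packet\(proto=(\d+), ([\d.]+):\d+->([\d.]+):\d+\)'
                 r'.* from (\S+)\.(?:\s|$)')
ROUTE = re.compile(r'find a route: .*gw-([\d.]+) via (\S+)')
POLICY = re.compile(r'Allowed by Policy-(\d+)|'
                    r'Denied by forward policy check \(policy (\d+)\)')

def classify(out_if, parent):
    """Label the egress interface relative to the parent ADVPN tunnel."""
    if out_if == parent:
        return "hub"
    if re.fullmatch(re.escape(parent) + r"_\d+", out_if):
        return "shortcut"  # assumed naming of dynamic shortcut interfaces
    return "other"

def summarize(text, parent):
    """Return {trace_id: {src, dst, in_if, out_if, gw, path, verdict, policy}}."""
    traces = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip anything that is not a flow trace line
        t, msg = traces[int(m[1])], m[2]
        if (p := PKT.search(msg)):
            t.update(proto=int(p[1]), src=p[2], dst=p[3], in_if=p[4])
        elif (r := ROUTE.search(msg)):
            t.update(gw=r[1], out_if=r[2], path=classify(r[2], parent))
        elif (d := POLICY.search(msg)):
            t.update(verdict="allow" if d[1] else "deny", policy=int(d[1] or d[2]))
    return dict(traces)
```

A trace whose `path` is `hub` while the shortcut is up points at routing on the spoke; a `deny` with policy 0 where `in_if` equals `out_if` points at the missing tunnel-to-tunnel policy on the hub.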
Copyright 2024 Fortinet, Inc. All Rights Reserved.