Hi everyone
I'm stuck with a site-to-site configuration. I was able to set up the tunnel between FortiGate and Netgear and configured firewall rules, but I can't ping from either side. Does anyone have a similar configuration? What information do I have to provide here?
Regards
Christian
Good Morning
Yes, I have. But in all the docs it is written that I have to select VPN. But I don't see any VPN options in routing creation. I can just select Network.
Here is the network view.
wan1 46.xxx.xxx.xxx 255.255.254.0 Physical AUTO-IPSEC 9
Road_Warroir 0.0.0.0 0.0.0.0 VPN Tunnel 3
S2S-Flue5 0.0.0.0 0.0.0.0 VPN Tunnel 4
Regards
Christian
Hi, find attached an image of the FortiGate VPN tunnel creation. Also make sure that you configured the local and remote interfaces with the correct IP addresses.
Hi,
Kindly collect the packets from the below commands to see where the packet is passing.
diag debug reset
diag debug enable
diagnose debug flow filter addr x.x.x.x
diagnose debug flow filter proto 1
diag debug flow show console enable
diag debug flow show function-name enable
diag debug flow trace start 200
Where x.x.x.x is a private IP behind the Netgear device.
After initiating the above commands in the SSH session, try to ping x.x.x.x from your private IP address.
Cheers,
Somu
Hi Somu
Here is the log:
id=20085 trace_id=17 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=1, 192.168.222.144:1->192.168.5.1:8) from internal. code=8, type=0, id=1, seq=26."
id=20085 trace_id=17 func=init_ip_session_common line=4569 msg="allocate a new session-0013e41b"
id=20085 trace_id=17 func=vf_ip4_route_input line=1596 msg="find a route: flags=00000000 gw-192.168.5.1 via S2S-Flue5"
id=20085 trace_id=17 func=fw_forward_handler line=671 msg="Allowed by Policy-4:"
id=20085 trace_id=17 func=ipsecdev_hard_start_xmit line=121 msg="enter IPsec interface-S2S-Flue5"
id=20085 trace_id=17 func=ipsec_common_output4 line=625 msg="No matching IPsec selector, drop"
id=20085 trace_id=18 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=1, 192.168.222.144:1->192.168.5.1:8) from internal. code=8, type=0, id=1, seq=27."
id=20085 trace_id=18 func=resolve_ip_tuple_fast line=4479 msg="Find an existing session, id-0013e41b, original direction"
id=20085 trace_id=18 func=vf_ip4_route_input line=1596 msg="find a route: flags=00000000 gw-192.168.5.1 via S2S-Flue5"
id=20085 trace_id=18 func=ipsecdev_hard_start_xmit line=121 msg="enter IPsec interface-S2S-Flue5"
id=20085 trace_id=18 func=ipsec_common_output4 line=625 msg="No matching IPsec selector, drop"
id=20085 trace_id=19 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=1, 192.168.222.144:1->192.168.5.1:8) from internal. code=8, type=0, id=1, seq=28."
id=20085 trace_id=19 func=resolve_ip_tuple_fast line=4479 msg="Find an existing session, id-0013e41b, original direction"
id=20085 trace_id=19 func=ipsecdev_hard_start_xmit line=121 msg="enter IPsec interface-S2S-Flue5"
id=20085 trace_id=19 func=ipsec_common_output4 line=625 msg="No matching IPsec selector, drop"
id=20085 trace_id=20 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=1, 192.168.222.144:1->192.168.5.1:8) from internal. code=8, type=0, id=1, seq=29."
id=20085 trace_id=20 func=resolve_ip_tuple_fast line=4479 msg="Find an existing session, id-0013e41b, original direction"
id=20085 trace_id=20 func=ipsecdev_hard_start_xmit line=121 msg="enter IPsec interface-S2S-Flue5"
id=20085 trace_id=20 func=ipsec_common_output4 line=625 msg="No matching IPsec selector, drop"
Regards
Christian
Good Morning
Problem solved. There were 2 issues. The first one was wrong subnet masking. The second was a wrong routing entry on the Netgear.
Thanks for all the help.
Regards
Christian
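An added example, not code from any poster in this thread: it parses debug flow lines like those posted above, groups them by trace_id, and checks the packet's source and destination against a pair of phase 2 selector subnets. The selector values are hypothetical (the thread does not show them or say where the wrong mask was set), and the match rule is simplified to source in the local subnet and destination in the remote subnet.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: three lines taken from the trace posted in the thread.
SAMPLE = '''id=20085 trace_id=17 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=1, 192.168.222.144:1->192.168.5.1:8) from internal. code=8, type=0, id=1, seq=26."
id=20085 trace_id=17 func=vf_ip4_route_input line=1596 msg="find a route: flags=00000000 gw-192.168.5.1 via S2S-Flue5"
id=20085 trace_id=17 func=ipsec_common_output4 line=625 msg="No matching IPsec selector, drop"
'''

LINE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"')
PKT = re.compile(r'\(proto=(\d+), ([\d.]+):\d+->([\d.]+):\d+\)')

def parse_traces(text):
    """Group debug flow lines by trace_id; return {id: {src, dst, verdict}}."""
    traces = defaultdict(lambda: {"src": None, "dst": None, "verdict": "unknown"})
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        tid, func, msg = int(m.group(1)), m.group(2), m.group(3)
        pkt = PKT.search(msg)
        if pkt:
            traces[tid]["src"], traces[tid]["dst"] = pkt.group(2), pkt.group(3)
        if msg.endswith("drop"):
            traces[tid]["verdict"] = f"{func}: {msg}"
    return dict(traces)

def selector_matches(src, dst, local_net, remote_net):
    """True if src is inside the local selector and dst inside the remote one."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(local_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(remote_net))

def explain(text, local_net, remote_net):
    """Return (trace_id, src, dst, matches_selector, verdict) per traced packet."""
    out = []
    for tid, t in sorted(parse_traces(text).items()):
        if t["src"] is None:  # trace without a packet header line
            continue
        ok = selector_matches(t["src"], t["dst"], local_net, remote_net)
        out.append((tid, t["src"], t["dst"], ok, t["verdict"]))
    return out

if __name__ == "__main__":
    # Hypothetical selectors: a /25 local mask excludes .144, a /24 includes it.
    for local in ("192.168.222.0/25", "192.168.222.0/24"):
        print(local, explain(SAMPLE, local, "192.168.5.0/24"))
```

With the too-narrow /25 the source 192.168.222.144 falls outside the selector, which is the condition the `ipsec_common_output4` drop reports; with /24 the same packet matches.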
Thanks Bra