PaulDelloro
New Contributor

Site to Site IPsec VPN - Pinging in FortiGate CLI but not from local and remote users

I created a site-to-site VPN for our 2 branches, both with a FortiGate device. It shows that it is up and ping is successful in the CLI, but from the remote and local users it is unreachable. Our main branch is using the FortiGate as the main router with PPPoE. Branch 2 has a business-in-a-box maintained by the ISP with a public IP, and the FortiGate has a local WAN IP as well. Does anyone have an idea what I need to do?


Thanks,

mahesh_pm
New Contributor II

Hi,

Please verify the points below:


1. Firewall policy is in place (VPN to LAN and vice versa)

2. Is any policy route configured for internet routing?

Collect the output below from the CLI:

diag sniffer packet any 'src host x.x.x.x and dst host y.y.y.y' 4 0

 

Replace x.x.x.x with the local system IP and y.y.y.y with the remote system IP.


Regards

Mahesh


Vichu_94
Staff

Hi Paul, 

Please run the commands below to check the flow filter logs:

di de flow filter saddr x.x.x.x
di de flow filter daddr y.y.y.y
di de flow filter proto 1
di de flow show function-name enable
di de flow show iprope enable
di de flow trace start 1000
di de en 

The iprope command will let us know which policy the traffic is hitting. First we would need to verify that the traffic is hitting the correct policy.

After running the commands, try to initiate a ping from the test PC. Check the logs to see if the firewall is allowing the connection.


Regards
Vishal P 

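The two replies above amount to one procedure: run `diagnose debug flow` with a filter on the test PC's ping, then read off (a) which route the packet took and (b) which policy matched. The added example below is not from the thread or from Fortinet; it is a small parser for that output that automates the reading. It classifies each trace_id as "no policy matched" (Mahesh's point 1, the `Denied by forward policy check (policy 0)` line), "routed out the wrong interface" (Mahesh's point 2, the packet leaves via the WAN interface instead of the tunnel), or "OK". The sample lines are constructed in the style of FortiOS debug flow output; the interface names `port2`, `wan1` and `ToBranch2`, the policy IDs and the 192.168.x.x / 203.0.113.1 addresses are assumptions, not the poster's configuration.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample in the style of `diagnose debug flow trace` output
# (assumed interface names, policy IDs and addresses; not from the poster's devices).
SAMPLE_FLOW = """\
id=20085 trace_id=1 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=1, 192.168.10.20:1->192.168.20.10:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5794 msg="allocate a new session-000a1b2c"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-0.0.0.0 via ToBranch2"
id=20085 trace_id=1 func=fw_forward_handler line=737 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=1, 192.168.10.21:1->192.168.20.10:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=2 func=init_ip_session_common line=5794 msg="allocate a new session-000a1b2d"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-203.0.113.1 via wan1"
id=20085 trace_id=2 func=fw_forward_handler line=737 msg="Allowed by Policy-1:"
id=20085 trace_id=3 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=1, 192.168.10.22:1->192.168.20.10:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=3 func=init_ip_session_common line=5794 msg="allocate a new session-000a1b2e"
id=20085 trace_id=3 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-0.0.0.0 via ToBranch2"
id=20085 trace_id=3 func=fw_forward_handler line=737 msg="Allowed by Policy-7:"
id=20085 trace_id=3 func=ipsecdev_hard_start_xmit line=789 msg="enter IPSec interface-ToBranch2, tun_id=0.0.0.0"
"""

TRACE_RE = re.compile(r'trace_id=(?P<trace>\d+) func=(?P<func>\S+) line=\d+ msg="(?P<msg>.*)"')
PKT_RE = re.compile(r'\(proto=(?P<proto>\d+), (?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+\) from (?P<ingress>\S+)\.')
ROUTE_RE = re.compile(r'find a route: .* via (?P<egress>\S+)')
ALLOW_RE = re.compile(r'Allowed by Policy-(?P<policy>\d+)')
DENY_RE = re.compile(r'Denied by forward policy check \(policy (?P<policy>\d+)\)')
IPSEC_RE = re.compile(r'enter IPSec interface-(?P<tunnel>[^,]+)')


@dataclass
class Trace:
    """What one debug-flow trace_id tells us about a single packet."""
    src: Optional[str] = None
    dst: Optional[str] = None
    ingress: Optional[str] = None   # interface the packet arrived on
    egress: Optional[str] = None    # interface chosen by the route lookup
    policy: Optional[int] = None    # policy ID that matched (0 = implicit deny)
    verdict: Optional[str] = None   # "allowed" or "denied"
    ipsec: Optional[str] = None     # tunnel interface the packet was handed to


def parse_debug_flow(text: str) -> Dict[int, Trace]:
    """Group debug-flow lines by trace_id and pull out the fields that matter."""
    traces: Dict[int, Trace] = {}
    for line in text.splitlines():
        m = TRACE_RE.search(line)
        if not m:
            continue
        t = traces.setdefault(int(m["trace"]), Trace())
        msg = m["msg"]
        if (p := PKT_RE.search(msg)):
            t.src, t.dst, t.ingress = p["src"], p["dst"], p["ingress"]
        elif (r := ROUTE_RE.search(msg)):
            t.egress = r["egress"]
        elif (a := ALLOW_RE.search(msg)):
            t.verdict, t.policy = "allowed", int(a["policy"])
        elif (d := DENY_RE.search(msg)):
            t.verdict, t.policy = "denied", int(d["policy"])
        elif (i := IPSEC_RE.search(msg)):
            t.ipsec = i["tunnel"]
    return traces


def diagnose(t: Trace, tunnel_iface: str) -> str:
    """Map one trace to the checks from the thread.

    NO_POLICY    - implicit deny: no LAN->VPN (or VPN->LAN) policy matched.
    WRONG_EGRESS - route/policy route sent the packet out another interface,
                   so it never reached the tunnel (typically the internet policy matched).
    OK           - routed into the tunnel interface and allowed by a policy.
    INCOMPLETE   - the trace ended before a verdict (enable a larger trace count).
    """
    if t.verdict == "denied":
        return "NO_POLICY"
    if t.egress != tunnel_iface:
        return "WRONG_EGRESS"
    if t.verdict == "allowed":
        return "OK"
    return "INCOMPLETE"


def summarize(text: str, tunnel_iface: str) -> Dict[int, str]:
    """Return {trace_id: diagnosis} for a whole debug-flow capture."""
    return {tid: diagnose(t, tunnel_iface) for tid, t in parse_debug_flow(text).items()}


if __name__ == "__main__":
    for tid, t in parse_debug_flow(SAMPLE_FLOW).items():
        print(f"trace {tid}: {t.src} -> {t.dst} in {t.ingress} out {t.egress} "
              f"policy {t.policy}: {diagnose(t, 'ToBranch2')}")
```

Run it against real output by pasting the `diagnose debug flow` text into `SAMPLE_FLOW` (or reading it from a file) and setting `tunnel_iface` to the name of the phase1 interface. A WRONG_EGRESS result on the LAN-facing FortiGate means the static route or policy route for the remote subnet is missing or beaten by the default route, which matches the "policy route for internet routing" question above; NO_POLICY means the tunnel is fine and only a firewall policy is missing.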