Device: FortiGate 40F
Firmware: v7.0.12 build0523 (Mature)
I am following this article to configure a site-to-site VPN:
I am not sure how to set up the parameters for the Phase 1 and Phase 2 tunnel, and how do I configure the Phase 2 tunnel, since I can't find any options in the firewall console.
Created on 08-07-2023 07:59 AM Edited on 08-07-2023 08:02 AM
The tunnel has been established after setting up Phase 1 and Phase 2 encryption, but there is no communication between the subnets. I would highly appreciate your support in helping me investigate the issue.
Hi @Need2Know
I am glad to know that the tunnel is configured successfully.
Please check if you have the route configured correctly.
Check whether you are using SD-WAN or a policy route to send all the traffic via the ISP interface.
To check the traffic, please collect the debug logs below and confirm that the traffic is leaving the firewall.
PuTTY session 1:
diag debug reset
diagnose debug console timestamp enable
diag debug flow show function-name enable
diag debug flow filter addr x.x.x.x <<< replace x.x.x.x with source machine IP address
diag debug flow trace start 10000
diag debug enable
PuTTY session 2:
diag sniffer packet any ' host x.x.x.x' 6 0 a
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Hi @pgautam,
Please download the txt files in a ZIP from the link below.
There was no option to upload the txt files here.
Hi @pgautam
Please advise how I can upload txt files here as an attachment, as there is only an option to upload photos.
Please help.
Hi @Need2Know
Thank you for sharing the logs. We are not observing any traffic towards 10.0.1.4 in the debug file.
Please check the routes on the FortiGate using the command below:
get router info routing-table details 10.0.1.4
This should point toward the IPSEC tunnel you created.
If, after confirming the proper route and policy, traffic still does not work, then you can open a TAC case for further investigation.
Regards
Priyanka
Thank you for your reply @pgautam. Please see the output below.
Firewall #
Firewall # get router info routing-table details 10.0.1.4
Routing table for VRF=0
Routing entry for 0.0.0.0/0
Known via "static", distance 5, metric 0, best
* 94.203.142.1, via ppp2
Not sure why the firewall is keeping
* 94.203.142.1, via ppp2
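The lookup pasted above matches 10.0.1.4 only against the default route 0.0.0.0/0 via ppp2, which is exactly the condition under which a tunnel can be up while no traffic enters it: nothing more specific than the WAN default covers the remote subnet. The Python below is an added example, not code from the thread or from Fortinet. It parses `get router info routing-table details <ip>` output and classifies the result. The second sample output and the tunnel interface name `to_Azure` are constructed assumptions showing what a correct lookup is expected to look like once a static route for the remote subnet uses the IPsec interface as its device.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample 1: the lookup pasted in the thread. The destination falls
# through to the default route because no static route covers 10.0.1.0/24.
DEFAULT_ROUTE_OUTPUT = """\
Routing table for VRF=0
Routing entry for 0.0.0.0/0
  Known via "static", distance 5, metric 0, best
  * 94.203.142.1, via ppp2
"""

# Constructed sample 2 (assumption): what the same lookup is expected to show
# once a static route for the remote subnet points at the IPsec phase1-interface.
# 'to_Azure' is a hypothetical tunnel interface name, not one from the thread.
TUNNEL_ROUTE_OUTPUT = """\
Routing table for VRF=0
Routing entry for 10.0.1.0/24
  Known via "static", distance 10, metric 0, best
  * directly connected, to_Azure
"""


@dataclass
class RouteLookup:
    prefix: str            # longest-match prefix FortiOS selected
    protocol: str          # "static", "connected", "bgp", ...
    distance: int          # administrative distance of the installed route
    egress: List[str]      # egress interface from each '*' next-hop line


def parse_route_details(text: str) -> Optional[RouteLookup]:
    """Parse 'get router info routing-table details <ip>' output."""
    prefix = re.search(r"Routing entry for (\S+)", text)
    known = re.search(r'Known via "(\w+)", distance (\d+)', text)
    if not prefix or not known:
        return None
    # Next-hop lines start with '*'; the last token is the interface
    # ("..., via ppp2" or "directly connected, <tunnel>").
    egress = [ln.split()[-1] for ln in text.splitlines() if ln.strip().startswith("*")]
    return RouteLookup(prefix.group(1), known.group(1), int(known.group(2)), egress)


def diagnose(lookup: Optional[RouteLookup], destination: str,
             tunnel_ifaces: List[str]) -> Tuple[str, str]:
    """Classify why traffic to `destination` does or does not enter the tunnel."""
    if lookup is None:
        return "NO_ROUTE", f"no routing entry found for {destination}"
    if ipaddress.ip_address(destination) not in ipaddress.ip_network(lookup.prefix, strict=False):
        return "PARSE_ERROR", f"{destination} is not inside {lookup.prefix}"
    if lookup.prefix == "0.0.0.0/0":
        return ("DEFAULT_ROUTE",
                f"{destination} only matches the default route via {', '.join(lookup.egress)}; "
                "add a static route for the remote subnet with the IPsec interface as device")
    if any(i in tunnel_ifaces for i in lookup.egress):
        return ("VIA_TUNNEL",
                f"{destination} matches {lookup.prefix} ({lookup.protocol}, distance "
                f"{lookup.distance}) via IPsec interface {', '.join(lookup.egress)}")
    return ("WRONG_EGRESS",
            f"{destination} matches {lookup.prefix} but egresses {', '.join(lookup.egress)}, "
            "which is not a tunnel interface")


if __name__ == "__main__":
    for sample in (DEFAULT_ROUTE_OUTPUT, TUNNEL_ROUTE_OUTPUT):
        status, msg = diagnose(parse_route_details(sample), "10.0.1.4", ["to_Azure"])
        print(f"{status}: {msg}")
```

Run against the pasted output it reports DEFAULT_ROUTE; against the constructed tunnel sample it reports VIA_TUNNEL. Note that `routing-table details` shows only the installed route, so a candidate tunnel route that lost to a lower administrative distance would not appear here; that is what the `routing-table database` command suggested later in the thread is for.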
Hi @Need2Know
Please check the AD value of the route that gets configured for the IPsec tunnel interface subnet.
Apart from this, please check the IPsec tunnel route in the routing database:
get router info routing-table database
If a route using the tunnel shows as inactive, make sure the tunnel status is up:
get vpn ipsec tunnel summary
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955
Regards
Priyanka
The Azure Virtual Network gateway IP address is 20.203.52.164.
The firewall WAN IP address is 94.206.201.171.