Hello Everyone!
I would appreciate if someone could shed some light on my issue with IPSec VPN tunnel.
I have a pretty simple setup: Local Network (10.110.0.0/16), AWS VPC (172.10.10.0/24), and 100D firewall. I downloaded configs from AWS and build 2 redundant tunnels, which are up and passing "some" traffic. Everything is setup to pass all traffic from and to AWS without any explicit rules. I do interface-based VPN, so static route is setup to send all 172.10.10.20/24 traffic to VPN interface. The problem I'm having is that I can ping from AWS anything on 10.110.0.0 network, but I can't ping any AWS instances from my LAN.
I'm using "diagnose sniffer packet "MY_INTERFACE"" to see what's going on with the traffic and what I found out is, when I ping from my LAN, sniffer shows "279.429024 169.254.X.X -> 172.10.10.222: icmp: echo request" and I don't get any replies. However, if I specify source interface for my pings to be my firewall's local IP, I get replies back and sniffer shows the following "1208.781932 10.110.1.200 -> 172.10.10.222: icmp: echo request,
1208.821932 172.10.10.222 -> 10.110.1.200: icmp: echo reply".
I have similar tunnels (and they work as expected) from other locations and everything looks the same to me (I didn't setup original firewalls, but I built the network infrastructure in Amazon, so all static routes in Amazon are correct).
Thank you in advance!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
ede
AWS uses ipv4 link-local-address for the VPN VPC connectors this way they have a ideal of no duplicate ipv4 address.
PCNSE
NSE
StrongSwan
OK, thanks for the feedback regarding APIPA or non-APIPA.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.