Hi all
(Sorry for the long post, but I tried to explain a very strange problem...) After a power outage in our remote office I'm having some strange problems with the VPN connection between our Headquarter (HQ) and our remote office (RO).

Our HQ has a Fortigate 60D (firmware 5.2.1 build 618)
Our RO has a Fortigate 60C (firmware 5.2.1 build 618)

There is a static VPN (called AW_VPN) between HQ and RO used for PC network traffic and also for telephones. In "network - interfaces - internal" I have configured a VLAN to be used for telephones.

HQ PC network is 192.168.20.x
HQ phones network is 192.168.1.x
RO PC network is 192.168.120.x
RO phones network is 192.168.101.x

In both firewalls the static routes are configured to forward the traffic for both networks (PC and phones) to the VPN (AW_VPN). PC traffic works correctly; no problem to access from HQ to RO and vice versa.
Now the problem: phones DO NOT work correctly; in our HQ there is the switchboard and remote phones cannot connect to it. I tried to connect my PC to the phones network and these are the tests.

In our Headquarter:
Ping from HQ PC (192.168.1.234) to HQ firewall (192.168.1.252) OK
Ping from HQ PC (192.168.1.234) to HQ switchboard (192.168.1.2) OK
Ping from HQ PC (192.168.1.234) to RO firewall (192.168.101.252) OK
Ping from HQ VI (192.168.1.234) to RO telephone (192.168.101.172) OK
Ping from HQ PC (192.168.1.234) to RO PC (192.168.101.100) NOT OK

In our remote office:
Ping from RO PC (192.168.101.100) to RO telephone (192.168.101.172) OK
Ping from RO PC (192.168.101.100) to RO firewall (192.168.101.252) OK
Ping from RO PC (192.168.101.100) to HQ firewall (192.168.1.252) NOT OK

It seems to me that there is "something" blocking the telephone traffic from remote office to headquarter. As I said, the 2 static routes are correctly configured; take into consideration that everything was working correctly and the problems appeared after a power outage. Were some configurations lost? Which? Maybe the firewall LAN port is damaged? But the PC network traffic also uses the same port and it works.. Any idea? Thank you
I have had a similar issue once where I had to bring the tunnel down and then back up, then it would work as designed. Have you tried that?
Did you check to make sure the policies are there and enabled?
Does the route show up in the routing monitor?
What do the policies look like?
What do your VPN phase 2 settings look like? Are all the networks defined?
Did anything else change other than the power outage?
Hello.
Can you please provide screenshots of your policies? What is the result of a tracert from the impacted devices to the destination? Are you sure that the concerned network is present in the IPSec tunnel configuration on both sides? It is really important to have exactly the same network (also called proxy ID in some other firewalls). You can maybe try to just set up 0.0.0.0 0.0.0.0 in your network (in the configuration of the IPSec tunnel) just to see if this solves the problem.
BR
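The two checks suggested in this thread (phase 2 selectors being exact mirror images on both peers, and an enabled accept policy existing for every subnet pair that should cross the tunnel) can be scripted against an exported configuration. The following is an added example, not code from the original post or from Fortinet; the subnets are the ones named in the thread, while the policy table, the flows and the VLAN interface name "phones" are constructed assumptions, including a deliberately wrong destination subnet on the RO phones policy to reproduce the symptom that was reported (RO phone network cannot reach HQ while PC traffic works).

```python
from ipaddress import ip_address, ip_network

# Constructed phase 2 selectors (proxy IDs) as (local subnet, remote subnet),
# i.e. the src-subnet / dst-subnet pairs of each peer's phase2 definition.
HQ_PHASE2 = [
    ("192.168.20.0/24", "192.168.120.0/24"),  # PC networks
    ("192.168.1.0/24", "192.168.101.0/24"),   # phone networks
]
RO_PHASE2 = [
    ("192.168.120.0/24", "192.168.20.0/24"),
    ("192.168.101.0/24", "192.168.1.0/24"),
]

# Constructed RO policy table, evaluated top-down like a FortiGate policy list.
# Policy 2 carries a wrong dstaddr (a constructed misconfiguration): the
# "phones" interface name is an assumption for the telephone VLAN.
RO_POLICIES = [
    {"id": 1, "srcintf": "internal", "dstintf": "AW_VPN",
     "srcaddr": "192.168.120.0/24", "dstaddr": "192.168.20.0/24",
     "action": "accept", "status": "enable"},
    {"id": 2, "srcintf": "phones", "dstintf": "AW_VPN",
     "srcaddr": "192.168.101.0/24", "dstaddr": "192.168.10.0/24",
     "action": "accept", "status": "enable"},
]

# Constructed flows (srcintf, dstintf, src_ip, dst_ip) that should cross the tunnel.
RO_FLOWS = [
    ("internal", "AW_VPN", "192.168.120.50", "192.168.20.50"),
    ("phones", "AW_VPN", "192.168.101.100", "192.168.1.252"),
]


def selector_mismatches(local, remote):
    """Return local selectors whose mirror image (remote, local) is missing on the peer."""
    mirrored = {(ip_network(d), ip_network(s)) for s, d in remote}
    return [(s, d) for s, d in local
            if (ip_network(s), ip_network(d)) not in mirrored]


def matching_policy(policies, srcintf, dstintf, src_ip, dst_ip):
    """First enabled policy whose interfaces and address objects match; None = implicit deny."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for p in policies:
        if p["status"] != "enable":
            continue
        if p["srcintf"] != srcintf or p["dstintf"] != dstintf:
            continue
        if src in ip_network(p["srcaddr"]) and dst in ip_network(p["dstaddr"]):
            return p
    return None


def uncovered_flows(policies, flows):
    """Flows that hit no enabled accept policy (implicit deny or an explicit deny)."""
    missing = []
    for flow in flows:
        p = matching_policy(policies, *flow)
        if p is None or p["action"] != "accept":
            missing.append(flow)
    return missing


if __name__ == "__main__":
    print("HQ selectors without a mirror on RO:", selector_mismatches(HQ_PHASE2, RO_PHASE2))
    for flow in uncovered_flows(RO_POLICIES, RO_FLOWS):
        print("no accept policy for", flow)
```

With these inputs the selectors line up, so the phase 2 check is clean, and the only uncovered flow is the phone VLAN towards HQ, which points at the policy rather than at routing or the tunnel itself; that is the same split the ping tests in the thread show (PC subnet fine, phone subnet blocked in one direction).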
Hi all
Solved!
It was, as you suggested, a problem of policy; one of them was incorrect.
What I don't understand is that, as I said, I did not change anything on the policies after the power outage, as I was thinking that everything was correctly configured and working.
Maybe the correct policy was "running in memory" but not saved, and after the reboot it restarted with an old one (not correct)?
Could that be possible?
Thank you all