support12
New Contributor III

Tunnel Gre Over Ipsec

I have an IPsec VPN with 2 FortiGates. One FortiGate has a GRE tunnel with a router after the other FortiGate. The GRE tunnel is up, but the FortiGate that has the IPsec and the GRE tunnel cannot ping the peer tunnel IP of the other router. When I sniffed, I saw the incoming packet from the other router arriving through the tunnel, but the FortiGate with the IPsec and GRE tunnel does not answer back. I did a traceroute on the FortiGate that does not answer, and it sends the packet to itself. Traceroute 192.168.129.2: the first hop is 127.0.0.1 localhost (weird).
support12
New Contributor III

The IPsec tunnel is routed. The router with IP 192.168.5.2 can ping 192.168.6.1, and the Forti with IP 192.168.6.1 can ping 192.168.5.2, so the GRE tunnel is formed. When the router with IP 192.168.5.2, with source 192.168.129.3, tries to ping the other end of the GRE tunnel, IP 192.168.129.1, I saw the echo request while sniffing the vpn-interface on the Forti with IP 182.168.6.1. But in reverse, when the Forti with IP 192.168.6.1 tries to ping 192.168.129.2 with source 192.168.129.1, I did not see the packet. When I did a tracer, the first hop was 127.0.0.1 (localhost); that Forti did not know how to send the packet through the GRE tunnel.
rwpatterson
Valued Contributor III

You have the same network on both ends of the tunnel. How are you supposed to route? The FGT is doing the right thing. The PC is telling the packet it is already on the right interface since the 192.168.129.x network is right there. (Unless I'm reading that diagram incorrectly...) What are the LAN addresses at either end?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
