Hi,
I have set up an IPsec VPN Site to Site between a 40F and a 40C via Internet. I have enabled the NAT Translation on both sides. But, I have added a static route on the 40F to route the traffic tag with the subnet where is the 40C behind a router.
I don't know why I have to do that.
regards.
Hi Hakim,
After going through the query, we understand you are having an issue with the IPsec Site-to-Site VPN.
However could you please elaborate "But, I have added a static route on the 40F to route the traffic tag with the subnet where is the 40C behind a router."?
So you are creating a static route on the 40F firewall for your subnet behind the 40C, and you want to know why it should be done, is this your query?
If so, could you confirm whether the VPN was created with the Wizard or Custom type on the 40F?
If it is Wizard, it would automatically create a route which you need not create, but at the end of the day, the firewall needs the route for the remote end LAN pointed to the VPN, without which the firewall would not know where to route the traffic for the remote LAN subnet.
In case your query is different, please elaborate more.
Thank you!
Thallapelly Thrilok.
Hello @Hakim1972
As I understand, you are having queries about the route that you configured in the firewall.
Could you please provide the details below:
+ Source and Destination Network/IP
+ Output of the command below from both firewalls
get router info routing-table details
Thanks,
@chauhans
HQ (40F): External from ISP (74.57.145.30)/Internal 192.168.1.254(/24)
Router behind Remote Branch 40C: External from ISP: 204.48.94.195
Remote Branch 40C: WAN Port (DHCP) 192.168.82.60/24, Internal: 192.168.10.1/24
I have to create a static route on the HQ 40F: 192.168.82.0/24 redirect to IPSec Tunnel.
I don't understand why. If I remove the route, I can ping with no problem the 40C Branch but not the inverse if I don't add the route.
The main problem is the 40C is on DHCP and I take it with me when I travel so the subnet can change.
I have set up NAT Traversal.
Thank you for your help.
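The routing point made earlier in the thread (the firewall needs a route for the remote subnet pointed at the VPN), as an added example that is not part of any post: a longest-prefix-match lookup over a constructed routing table for the HQ 40F. The interface names `wan1`, `internal` and `to-branch` and the default route are assumptions; the subnets come from the post above.

```python
import ipaddress

# Constructed routing table for the HQ 40F; interface names are hypothetical.
BASE_ROUTES = [
    ("0.0.0.0/0", "wan1"),           # assumed default route to the ISP
    ("192.168.1.0/24", "internal"),  # HQ LAN from the thread
]
# The static route described in the thread: 40C WAN subnet via the tunnel.
TUNNEL_ROUTE = ("192.168.82.0/24", "to-branch")


def lookup(routes, dst):
    """Return (prefix, interface) of the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1]


def egress(dst, with_static_route):
    """Interface chosen for dst, with or without the tunnel static route."""
    routes = BASE_ROUTES + ([TUNNEL_ROUTE] if with_static_route else [])
    return lookup(routes, dst)[1]


if __name__ == "__main__":
    # Destinations: 40C WAN address (from the thread), an HQ host and an
    # Internet host (both constructed).
    for dst in ("192.168.82.60", "192.168.1.10", "8.8.8.8"):
        print(f"{dst:15} without route: {egress(dst, False):9} "
              f"with route: {egress(dst, True)}")
```

When the 40C receives a different DHCP subnet, the fixed 192.168.82.0/24 entry no longer matches its address and the lookup falls back to the default route, which is the concern the poster raises about travelling with the unit.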
Hi @Hakim1972,
If 40C has dynamic IP address, you need to configure dialup tunnel on the 40F. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Dialup-VPN-Configuration-Between-Two-Forti...
Regards,
Hi,
I have resolved my issue. I have upgraded my 40F from 6.4 to 7.4 version and it has solved my problem.
I have followed the steps of a dialup VPN configuration.
Thank you for your help.
Regards.