Hi Guys,
First of all, I am not sure if this was raise already but I just need some clarification about the routing on Route-based IPSec VPN.
The scenario was, I was building a route-based site-to-site ipsec tunnel between FortiGate and Cisco router.
I was able to bring the tunnel up, dynamic routing is working and hosts from both ends are able to reach each other.
However, I was wondering that once the VPN is established, FortiGate can no longer PING Cisco's public IP.
It seems the routing to Cisco's public address is been rerouted to the vpn tunnel interface instead of keeping it on the default route on its wan interface.
====================================
FGT# get router info routing-table details 114.8.24.6 Routing entry for 114.8.24.6/32 Known via "connected", distance 0, metric 0, best * is directly connected, vpn_tunnel2
====================================
Is there a way or a tweak to still enable the Fortigate to ping its vpn peer IP even if the VPN is established?
Thanks,
Cliff
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Have you sniffed at fortigate side when you pinged from the Cisco's public peer IP what interface it hits and the reply goes out?
diag sniffer packet any "host [CISCO_PUB_PEER_IP] and icmp" 4
option 4 would show you interfaces.
Or, at this point, I would suggest you open a ticket with TAC to get it looked at. This looks like very specific to your FG, version, and the setup. I never experienced this problem with our customer's Cisco CPEs connected to our FG IPSec concentrators.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.