Hi everyone
We're trying to connect 2 sites with an IPsec VPN. The tunnel is up and working, but we have the following issue:
Scenario:
Trying to connect 192.168.0.102 --> 10.58.152.10
Having the following issue:
Can anyone help, please?
Hi,
Please provide the output for the following:
get router info routing-table details 192.168.0.102
get router info routing-table details 10.58.152.10
Once you share these outputs, we can clarify what might be going wrong here.
Thank you.
Shahan
Routing table for VRF=0
Routing entry for 192.168.0.0/22
Known via "connected", distance 0, metric 0, best
* is directly connected, VLAN-A.
FGT01 (root) ## get router info routing-table details 10.58.152.1
Routing table for VRF=0
Routing entry for 10.58.152.0/24
Known via "static", distance 10, metric 0
10.58.152.1, via port14
Routing entry for 10.58.152.0/24
Known via "connected", distance 0, metric 0, best
* is directly connected, port14
Hi,
You can see that there is no route for 192.168.0.102 via the IPsec interface; that is why you are seeing the reverse path check.
Routing table for VRF=0
Routing entry for 192.168.0.0/22
Known via "connected", distance 0, metric 0, best
* is directly connected, VLAN-A.
You are receiving the traffic from source interface IPsec, and you should also have a route that points at the IPsec interface for 192.168.0.102.
Please add a static route and it should fix this.
Thanks,
Shahan
Now I have the following:
KS-SS-01 (root) # get router info routing-table details 192.168.0.102
Routing entry for 192.168.0.0/22
Known via "connected", distance 0, metric 0, best
* is directly connected, VLAN_A
* is directly connected, VLAN_A
* is directly connected, VLAN_A
Routing entry for 192.168.0.0/22
Known via "static", distance 10, metric 0
directly connected, IPSEC-A
KS-SS-01 (root) # get router info routing-table details 10.58.152.10
Routing table for VRF=0
Routing entry for 10.58.152.0/24
Known via "static", distance 9, metric 0
10.58.152.1, via port14
Routing entry for 10.58.152.0/24
Known via "connected", distance 0, metric 0, best
* is directly connected, port14
Hi,
I would suggest adding a more specific route, as in this case the connected route via VLAN_A would be preferred. Maybe you can test by adding a route only for 192.168.0.102/32.
Thanks,
Shahan
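Added example, not part of the thread and not FortiOS code: a simplified Python model of the reverse path check reasoning in the replies above, using the prefixes and interface names from the posted routing table. The function names and the `strict` switch are assumptions made for illustration; the model goes slightly beyond the thread by also showing a strict (best-route-only) variant.

```python
import ipaddress

# Routes as posted in the thread: (prefix, distance, interface).
ROUTES_BEFORE = [
    ("192.168.0.0/22", 0, "VLAN_A"),    # connected, marked "best"
    ("192.168.0.0/22", 10, "IPSEC-A"),  # static, same prefix, not "best"
]
# Constructed: the same table plus the /32 suggested in the reply.
ROUTES_AFTER = ROUTES_BEFORE + [("192.168.0.102/32", 10, "IPSEC-A")]


def active_routes(routes):
    """Per prefix, keep only the lowest-distance entries (the 'best' ones)."""
    best = {}
    for prefix, dist, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net not in best or dist < best[net][0]:
            best[net] = (dist, {iface})
        elif dist == best[net][0]:
            best[net][1].add(iface)
    return {net: ifaces for net, (dist, ifaces) in best.items()}


def rpf_pass(routes, src, ingress, strict=False):
    """Reverse path check: is there an active route back to src via ingress?

    strict=False: any active route covering src may point at ingress.
    strict=True:  the longest-prefix active route must point at ingress.
    """
    addr = ipaddress.ip_address(src)
    matches = [(net, ifaces)
               for net, ifaces in active_routes(routes).items()
               if addr in net]
    if not matches:
        return False
    if strict:
        matches = [max(matches, key=lambda m: m[0].prefixlen)]
    return any(ingress in ifaces for _, ifaces in matches)


if __name__ == "__main__":
    for name, table in (("before", ROUTES_BEFORE), ("after /32", ROUTES_AFTER)):
        ok = rpf_pass(table, "192.168.0.102", "IPSEC-A")
        print(f"{name}: packet from 192.168.0.102 on IPSEC-A passes RPF = {ok}")
```

With the equal-prefix static route alone, the connected /22 wins on distance and the check fails for traffic arriving on IPSEC-A; the /32 is a different prefix, so it becomes active alongside the connected route.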
Hi,
You can also check the following article for details: https://community.fortinet.com/t5/FortiGate/Technical-Note-Details-about-FortiOS-RPF-Reverse-Path-Fo...
Thank you.
Shahan
Finally solved restoring backup :)