Hi All
I have a ping problem in the IPsec tunnel. The VPN tunnel is up. The connection is established. I can reach the other party's gateway. When I ping from the local network, it does not work, but when the other party pings me, I can reach and connect. After 10 - 15 minutes, I cannot ping again. When the other party pings me, I ping again. Meanwhile, the tunnel never goes down and is up.
My device: FortiGate 60F
Version 7.4.1
Hi @Nrt,
You can run debug flow as follows to see if the traffic is being dropped or not.
di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter addr 192.168.5.2 >>> destination IP address
di deb flow filter proto 1
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 500
diagnose debug enable
Regards,
Thanks for your kind support
Also check the packet flow on both sides when the ping is not working.
On the FortiGate side you can use this command:
diag sniffer packet any 'host <Other side IP> and icmp' 4 0 l
With this you can check if the ping is being sent on the tunnel or not.
If the ping is being sent on the tunnel, then it is probably an issue on the other side. If the ping is not being sent on the tunnel interface, then it is some issue on your side.
Also check the routing table at the time issue is happening:
get router info routing-table details <Remote IP>
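The check described in the reply above (is the ping leaving on the tunnel interface or not), as an added example that is not part of the original thread: a Python script that classifies saved sniffer output. The line format, the local host 192.168.1.10, the tunnel name `to-remote` and both sample captures are assumptions constructed for illustration.

```python
import re

# Assumed line shape for `diag sniffer packet any '<filter>' 4 0 l`:
#   <date> <time> <interface> <in|out> <src> -> <dst>: icmp: echo request|reply
LINE = re.compile(
    r"^\S+ \S+ (?P<ifc>\S+) (?P<dir>in|out) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+): icmp: echo (?P<kind>request|reply)"
)

def diagnose(capture, local_ip, remote_ip, tunnel_if):
    """Classify a capture taken while the ping is failing."""
    sent = replies = 0
    other_egress = set()
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # sniffer header, blank lines, unrelated packets
        flow = (m["src"], m["dst"], m["dir"], m["kind"])
        if flow == (local_ip, remote_ip, "out", "request"):
            if m["ifc"] == tunnel_if:
                sent += 1
            else:
                other_egress.add(m["ifc"])  # left the box, but not via the tunnel
        elif flow == (remote_ip, local_ip, "in", "reply") and m["ifc"] == tunnel_if:
            replies += 1
    if sent == 0:
        where = ", ".join(sorted(other_egress)) or "no interface"
        return f"local side: request not sent on {tunnel_if} (egress: {where})"
    if replies == 0:
        return f"remote side: {sent} request(s) sent on {tunnel_if}, no reply seen"
    return f"ok: {sent} request(s) sent, {replies} reply(ies) received"

# Constructed sample captures (not from the thread); "to-remote" is a hypothetical tunnel name.
SENT_NO_REPLY = """
2024-01-10 10:15:01.120331 internal in 192.168.1.10 -> 192.168.5.2: icmp: echo request
2024-01-10 10:15:01.120398 to-remote out 192.168.1.10 -> 192.168.5.2: icmp: echo request
2024-01-10 10:15:02.121004 internal in 192.168.1.10 -> 192.168.5.2: icmp: echo request
2024-01-10 10:15:02.121077 to-remote out 192.168.1.10 -> 192.168.5.2: icmp: echo request
"""
WRONG_EGRESS = """
2024-01-10 10:15:01.120331 internal in 192.168.1.10 -> 192.168.5.2: icmp: echo request
2024-01-10 10:15:01.120398 wan1 out 192.168.1.10 -> 192.168.5.2: icmp: echo request
"""

if __name__ == "__main__":
    for name, cap in (("SENT_NO_REPLY", SENT_NO_REPLY), ("WRONG_EGRESS", WRONG_EGRESS)):
        print(name, "->", diagnose(cap, "192.168.1.10", "192.168.5.2", "to-remote"))
```

A "local side" result with a non-tunnel egress interface is the case where the routing-table check above is the next step.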
Hi. Very helpful for me. Thanks.