Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nrt
New Contributor II

IPsec VPN ping problem

Hi all,

I have a ping problem in the IPsec tunnel. The VPN tunnel is up. The connection is established. I can reach the other party's gateway. When I ping from the local network, it does not work, but when the other party pings me, I can reach and connect. After 10 - 15 minutes, I cannot ping again. When the other party pings me, I ping again. Meanwhile, the tunnel never goes down and is up.

My device: FortiGate 60F

Version 7.4.1

hbac
Staff

Hi @Nrt,

You can run debug flow as follows to see if the traffic is being dropped or not.

di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter addr 192.168.5.2           >>>   destination IP address 
di deb flow filter proto 1
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 500
diagnose debug enable

Regards,

Nrt
New Contributor II

Thanks for your kind support.

vbandha
Staff

@Nrt 

Also check the packet flow on both sides when the ping is not working.

On the FortiGate side you can use this command:
diag sniffer packet any 'host <Other side IP> and icmp' 4 0 l

With this you can check whether the ping is being sent on the tunnel or not.

If the ping is being sent on the tunnel, then it is probably an issue on the other side. If the ping is not being sent on the tunnel interface, then it is some issue on your side.

Also check the routing table at the time the issue is happening:

get router info routing-table details <Remote IP>
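
The decision rule from the reply above, applied to saved sniffer output; this is an added example, not part of the original thread and not Fortinet code. It assumes verbosity-4 lines shaped like `<timestamp> <interface> <in|out> <src> -> <dst>: icmp: echo request`; the interface names `internal` and `to_branch`, the host 192.168.1.10 and all capture lines are constructed.

```python
import re

# Assumed verbosity-4 line: "<timestamp> <iface> <in|out> <src> -> <dst>: icmp: echo request|reply"
LINE = re.compile(
    r"(?P<iface>\S+) (?P<dir>in|out) (?P<src>[\d.]+) -> (?P<dst>[\d.]+): "
    r"icmp: echo (?P<kind>request|reply)"
)

def classify(capture, tunnel_if, remote_ip):
    """Say which side to investigate, based on where the echo traffic was seen."""
    arrived = sent = replied = 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # header lines, other protocols, blank lines
        on_tunnel = m["iface"] == tunnel_if
        if m["kind"] == "request" and m["dst"] == remote_ip:
            if on_tunnel and m["dir"] == "out":
                sent += 1      # request left through the tunnel interface
            elif m["dir"] == "in":
                arrived += 1   # request reached the firewall from the LAN
        elif m["kind"] == "reply" and m["src"] == remote_ip:
            if on_tunnel and m["dir"] == "in":
                replied += 1   # reply came back through the tunnel
    if arrived == 0 and sent == 0:
        return "no-echo-request-seen"   # ping never reached the firewall
    if sent == 0:
        return "not-sent-on-tunnel"     # local side: check routing table and policy
    if replied == 0:
        return "sent-no-reply"          # probably an issue on the other side
    return "ok"

# Constructed captures (local host 192.168.1.10 pinging 192.168.5.2)
REQ_IN = "2023-10-01 10:00:01.100000 internal in 192.168.1.10 -> 192.168.5.2: icmp: echo request"
REQ_OUT = "2023-10-01 10:00:01.100200 to_branch out 192.168.1.10 -> 192.168.5.2: icmp: echo request"
REP_IN = "2023-10-01 10:00:01.120000 to_branch in 192.168.5.2 -> 192.168.1.10: icmp: echo reply"
REP_OUT = "2023-10-01 10:00:01.120100 internal out 192.168.5.2 -> 192.168.1.10: icmp: echo reply"

LOCAL_FAULT = "\n".join(["interfaces=[any]", REQ_IN, REQ_IN])
REMOTE_FAULT = "\n".join([REQ_IN, REQ_OUT])
HEALTHY = "\n".join([REQ_IN, REQ_OUT, REP_IN, REP_OUT])

if __name__ == "__main__":
    for name, cap in [("local", LOCAL_FAULT), ("remote", REMOTE_FAULT), ("healthy", HEALTHY)]:
        print(name, "->", classify(cap, "to_branch", "192.168.5.2"))
```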

Nrt
New Contributor II

Hi. Very helpful for me. Thanks.
