sims
New Contributor III

ospf between two vdoms

Hi,

Vdom1

Link name: TO-VDOM21
IP 10.0.2.2/24

Interface ospf
10.0.2.2

Network
10.0.2.0/24

E2    192.168.3.10/32 [110/20] via 10.0.2.1, TO-VDOM21, 00:47:31
192.168.5.0/24 [110/20] via 10.0.2.1 TO-VDOM21, 00:47:31

From vdom1 I cannot reach 192.168.3.10, but from vdom2 I can reach it.

———————————————————————————————

Vdom2

Interface
to_router3
IP 192.168.5.11

Vdom2 link
Name TO-VDOM20
IP 10.0.2.1/24

Interface ospf
10.0.2.2
192.168.5.10 (port5 internal)

Network
192.68.5.0/24
10.0.2.0/24

OSPF ROUTE

O E2    192.168.3.10/32 [110/20] via 192.168.5.12, to_router3 , 04:52:39

Please help

Thanks

Toshi_Esumi
Esteemed Contributor III

Does Router3 have a route back to 10.0.2.2, which is the source IP?
sims
New Contributor III

Hi,

Through OSPF, Router3 must have learned about 10.0.2.2.

I executed the ping from the FW CLI and did not use any source IP address.

From the firewall local traffic log, I can see the source is 10.0.2.2.

Thanks

Toshi_Esumi
Esteemed Contributor III

That's the first thing I would check for any routing issue, because that's the most common problem: the route is not there. Then, if all routes are there at all hops, it's time to sniff traffic at vdom2 with "diag sniffer packet any 'host 10.0.2.2' 4" to see if it's actually going out and a return comes back in.

Since you never mentioned a pair of policies at vdom2, I'm assuming they're there to pass traffic from/to the vdom-link to/from the interface toward router3.

sims
New Contributor III

Hi,

I have a single policy for testing.

Thanks

The 192.168.5.0 network is not the real IP; the real IP is public, but it is internally assigned.

In the same policy above, if I NAT (outside interface), it works.
