Hello,
I have 2 FortiGate 60F:
- one at headquarters with a dial-up VPN server
- one remote with a site-to-site VPN configured to send outgoing traffic via the VPN to the headquarters.
I used the wizard to configure the 2 routers. Everything has been created (policy, blackhole...).
All is OK and functional on vlan1: it has internet, and the public IP is the IP of the headquarters.
But the other VLANs (2, 3...) of the remote site don't go on the internet.
I can ping the public address of the headquarters when I am on the problematic VLANs.
The goal is to have all of the VLANs go through the VPN and go on the internet with the public IP of the headquarters.
PS: I don't have VLANs on the headquarters, only vlan1.
PS: When I bring down the VPN, all the VLANs go to the internet via the local connection (remote site).
Hi,
Thank you for reaching out. This sounds like a traffic issue. I recommend checking the config first, making sure the vlan2 and 3 subnets are configured as phase 2 selectors on the IPsec tunnel on the spoke as local subnets and on the IPsec tunnel on the hub as remote subnets, as well as checking that the static routes are correct for those 2 VLANs and, of course, the firewall policies. Other than that, you can troubleshoot the issue further by running the sniffer and debug flow commands below on both the hub and the spoke simultaneously to find out where the traffic stops:
cli(1):
# diag sniffer packet any "host <dst address> and icmp" 4 0 l ------------ assuming you are testing the issue with icmp packet
cli(2):
di de reset
di de flow filter addr <dst address>
di de flow filter proto 1 ------------------ icmp protocol
di de flow trace start 10
di de en
Thank you,
saleha
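
The phase 2 selector check recommended in the reply above, as an added example that is not part of the original thread: a Python script that reads a constructed `show vpn ipsec phase2-interface` excerpt from the spoke and lists the VLAN subnets that no local selector covers. The tunnel name, subnets and VLAN names are made-up sample values, and treating an entry without an explicit subnet line as 0.0.0.0/0 is an assumption.

```python
import ipaddress

# Constructed excerpt in the style of "show vpn ipsec phase2-interface" on the
# spoke; the tunnel name and every subnet are made-up sample values.
SPOKE_PHASE2 = """\
config vpn ipsec phase2-interface
    edit "to-HQ"
        set phase1name "to-HQ"
        set src-subnet 192.168.1.0 255.255.255.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
"""

# Constructed VLAN subnets of the remote site.
VLANS = {"vlan1": "192.168.1.0/24", "vlan2": "192.168.2.0/24", "vlan3": "192.168.3.0/24"}


def selectors(config_text, key):
    """Return {phase2 entry name: network} for key 'src-subnet' or 'dst-subnet'."""
    found, name = {}, None
    for line in config_text.splitlines():
        words = line.split()
        if words[:1] == ["edit"] and len(words) > 1:
            name = words[1].strip('"')
            # Assumption: an entry with no explicit subnet line is the any/any selector.
            found[name] = ipaddress.ip_network("0.0.0.0/0")
        elif words[:2] == ["set", key] and name and len(words) == 4:
            # Config uses "address netmask"; ipaddress accepts "address/netmask".
            found[name] = ipaddress.ip_network(f"{words[2]}/{words[3]}")
        elif words[:1] == ["next"]:
            name = None
    return found


def uncovered(vlans, nets):
    """VLAN names whose subnet fits inside none of the selector networks."""
    nets = list(nets)
    return sorted(
        vlan for vlan, cidr in vlans.items()
        if not any(ipaddress.ip_network(cidr).subnet_of(net) for net in nets)
    )


if __name__ == "__main__":
    local = selectors(SPOKE_PHASE2, "src-subnet")
    print("spoke local selectors:", {n: str(net) for n, net in local.items()})
    print("VLANs not covered by a local selector:", uncovered(VLANS, local.values()))
```

Run against the hub's phase 2 configuration, the same check uses the `dst-subnet` key, since the spoke's VLANs are remote subnets there.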