I have a problem, I have double nat done on tunnel_VPN and want to create static routing for another network from tunnel 172.22.0.0/24, but when I check traceroute it sends it out into space. I add a signal to go through my WAN gateway (port1) and add the tunnel_VPN interface I created, but that doesn't work. Can anyone help me?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
It is not really clear what you are trying to do and what is the problem. Can you share with us more information, routing-table, traces, etc?
I need to do network routing 172.22.0.0 in the VPN tunnel. I need to access the 172.22.0.0 network.
Hi,
Thank you. And how is your tunnel configured? Do you have 0.0.0.0/0 as selectors or specific subnets? Also, I want to clarify, is traffic working and only traceroute is showing incorrect next-hop or traffic via tunnel is not working at all?
now yes traffic to my network 172.16.0.0. works fine, you can connect but it doesn't go the other way.
Hi,
Thank you. If I should guess, it is related to the SNAT. Is FortiGate also on remote end? Or it is different vendor? If it is FortiGate, then do one debug flow on each device would be the best to see if traffic is routed correctly or not.
so there is also a fortigate at the other end.
Ok, and if we have it turned on and tracert goes to my address 192.168.0.1 and it still doesn't work, is the problem with me or on the other end?
Hello,
In your case, because you don't have IP address on tunnel interface, traceroute will show you IP address of the interface with the lowest index. I recommend to run debug flow on both devices and check what is happening with the packet.
https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/54688/debugging-the-packet-flow
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1632 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.