Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mateusz
New Contributor

Created on ‎09-15-2022 01:42 AM

static routing via tunel

I have a problem, I have double nat done on tunnel_VPN and want to create static routing for another network from tunnel 172.22.0.0/24, but when I check traceroute it sends it out into space. I add a signal to go through my WAN gateway (port1) and add the tunnel_VPN interface I created, but that doesn't work. Can anyone help me?

Labels:
1712
0 Kudos
9 REPLIES 9
akristof
Staff
Staff

Created on ‎09-15-2022 02:21 AM

Hello,

It is not really clear what you are trying to do and what is the problem. Can you share with us more information, routing-table, traces, etc?

Adrian
1700
0 Kudos
Mateusz
New Contributor
In response to akristof

Created on ‎09-19-2022 02:23 AM

I need to do network routing 172.22.0.0 in the VPN tunnel.  I need to access the 172.22.0.0 network.
Firewall_police_nat.PNGVirtual_IP.PNGstatic_route_tabel.PNGIP_Pools.PNG

 

1689
0 Kudos
Mateusz
New Contributor
In response to Mateusz

Created on ‎09-19-2022 03:06 AM

interface.PNG

1686
0 Kudos
akristof
Staff
Staff
In response to Mateusz

Created on ‎09-19-2022 03:55 AM

Hi,

Thank you. And how is your tunnel configured? Do you have 0.0.0.0/0 as selectors or specific subnets? Also, I want to clarify, is traffic working and only traceroute is showing incorrect next-hop or traffic via tunnel is not working at all?

Adrian
1685
0 Kudos
Mateusz
New Contributor
In response to akristof

Created on ‎09-19-2022 04:02 AM

now yes traffic to my network 172.16.0.0. works fine, you can connect but it doesn't go the other way.tracert.PNGtunel.PNG

1684
0 Kudos
akristof
Staff
Staff
In response to Mateusz

Created on ‎09-19-2022 04:28 AM

Hi,

Thank you. If I should guess, it is related to the SNAT. Is FortiGate also on remote end? Or it is different vendor? If it is FortiGate, then do one debug flow on each device would be the best to see if traffic is routed correctly or not.

Adrian
1679
0 Kudos
Mateusz
New Contributor
In response to akristof

Created on ‎09-19-2022 04:56 AM

so there is also a fortigate at the other end.

1678
0 Kudos
Mateusz
New Contributor
In response to Mateusz

Created on ‎09-19-2022 04:56 AM

Ok, and if we have it turned on and tracert goes to my address 192.168.0.1 and it still doesn't work, is the problem with me or on the other end?

1678
0 Kudos
akristof
Staff
Staff
In response to Mateusz

Created on ‎09-19-2022 05:50 AM

Hello,

In your case, because you don't have IP address on tunnel interface, traceroute will show you IP address of the interface with the lowest index. I recommend to run debug flow on both devices and check what is happening with the packet.

https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/54688/debugging-the-packet-flow

Adrian
1676
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.