Hi, I have a strange bug. I have two FortiGate F100 with an IPsec connection
up and running. I have SSL VPN on one of them, allowing me access to the
other side. I can ping all the VMs on both sides from SSL VPN, and I can ping
"some" VMs between sites through ip...

Well, finally got this working, it was so easy... NAT! I need NAT
enabled on one policy only on both sides (ipsec->lan); now the
systems are replying without problem. Fortinet support found that!
Checking the session list, I found this:
ofld_fail_reason(kernel, drv): not-established/not-established, IPSec-enc-SA-not-offloaded(6)/IPsec-dec-SA-not-offloaded(7)
npu_state_err=04/04