Hi, I have set up an IPsec s2s VPN between two sites, A and B. A is
behind a NAT router. Topology: 192.168.63.0/24 <-> A (VPN router) <->
NAT router <-> internet <-> B (FortiGate) <-> 192.168.2.0/24. I've
successfully established phase 2 IPsec tunnels between...

I created a new IPsec tunnel with the "Custom" template instead of "Site
to Site", copied all existing settings to the new tunnel, and deleted the
old tunnel. Suddenly everything works as expected! Both sides can ping
each other! I don't know why, it just h...

Yes, I'm trying to debug the incoming traffic. It's so weird that
traffic is coming in from wan2 instead of the tunnel interface "tun02".
The other side's VPN router has no console or other useful debugging
tools, but traffic from the other side does reach ...

1. Yes, I have policy routes to route different subnets to different WAN
interfaces, but I have a first policy route rule to stop policy routing
if dstaddr is 192.168.63.0/24:
config router policy
edit 1
set srcaddr "all"
set dstaddr "192.168.63.0"
set actio...

More troubleshooting:
diag de flow filter addr 192.168.63.110
diag de flow filter proto 1
diag de flow trace start 100
diag de en
# id=20085 trace_id=165 func=print_pkt_detail line=5863 msg="vd-root:0 received a packet(proto=1, 192.168.63.110:31771->192...

1. Yes, my FortiGate has policy routes to route subnets to different WAN
interfaces, but I have the policy route rule:
config router policy
edit 1
set srcaddr "all"
set dstaddr "192.168.63.0"
set action deny
next
end
to stop policy routing for subnet 192.168...