Working with a FortiGate that previously had an L2TP/IPSec VPN for
Dial-up/Remote users configured. The device now sits behind a VeloCloud
Edge SD-WAN device and the WAN connection is plugged into it with an
uplink from the edge device into WAN1 port ...
I see a lot of these messages after running the diag debug flow
command...

id=20085 trace_id=825 func=print_pkt_detail line=5253 msg="vd-root received a packet(proto=17, x.x.x.x:1004->10.x.x.x:500) from wan1. "
id=20085 trace_id=825 func=resolve_ip_t...

emnoc wrote:
The cli cmd diag debug flow and no, you should not need a
secondary IP. I would ensure NAT-T is enabled on the FGT

I'll run that command now and post results. I do have NAT Traversal on
the Tunnel set to Enabled.