Anatoli
New Contributor

IPsec tunnel no traffic opposite direction

Dear all:


I established an IPSEC tunnel and am scanning, but there is no activity on the opposite path.

 

scan888
Contributor

Hi @Anatoli 

 

Try to find your issue with the following debug commands

diag debug enable
diag debug application ike -1

The output should help you to identify the reason for that.

 

Also check the routing table. Do you see the needed routing entries:

get router info routing-table all
- Have you found a solution? Then give your helper a "Like" and mark the solution.
gfleming
Staff

You won't see hits on the return policy if all traffic is generated from your side. Are you getting return traffic when you initiate traffic to the remote side?

 

If not, you need to look at the remote side config. Is IPSec configured properly?

Cheers,
Graham
Anatoli

Hi

I attempt a connection from FW1 to the server on the FW2 side.


Yes, I think I got the FW2 side correct. It's probable that the issue occurred with the Forti 30E's FW, which is version 5.4.4, build 1117 (GA); it has a flaw or something similar.

The traffic goes over the internet rather than the tunnel when I perform a policy lookup to reach LAN FW1.

Anatoli
New Contributor

@scan888

FW1

 


ike shrank heap by 159744 bytes
ike 0:Ruff_Icma: link is idle 31 80.28.205.28->80.28.205.24:0 dpd=2 seqno=51b rr=0
ike 0:Ruff_Icma:175: send IKEv1 DPD probe, seqno 1307
ike 0:Ruff_Icma:175: enc 1227D3972AAFA5F638A052DDE03F5C7208100501EF192AA5000000540B0000186E998DF05ADF38354CA3DCD0104FC54946153A55000000200000000101108D281227D3972AAFA5F638A052DDE03F5C720000051B
ike 0:Ruff_Icma:175: out 1227D3972AAFA5F638A052DDE03F5C7208100501EF192AA50000005C16CA2247AF06E531F697E947961F46F90C802B556A9F9F1B79F6F3A17A930211D390AC28FDCBB7AE1E0F19DD0F06DAD0CD7948663BAE8D261BC80A69505401DF
ike 0:Ruff_Icma:175: sent IKE msg (R-U-THERE): 80.28.205.28:500->80.28.205.24:500, len=92, vrf=0, id=1227d3972aafa5f6/38a052dde03f5c72:ef192aa5
ike 0: comes 80.28.205.24:500->80.28.205.28:500,ifindex=31,vrf=0....
ike 0: IKEv1 exchange=Informational id=1227d3972aafa5f6/38a052dde03f5c72:d8fd0f19 len=92 vrf=0
ike 0: in 1227D3972AAFA5F638A052DDE03F5C7208100501D8FD0F190000005C6D32AEC02F51CC4BE5428B48D6053A3388D0383A81BD200E751EEBDA5DD1B9C8F1460574AA4F7AFCAC5AC18B18388BBB7F4652F3CA65EB4F62F204A1B658FB9E
ike 0:Ruff_Icma:175: dec 1227D3972AAFA5F638A052DDE03F5C7208100501D8FD0F190000005C0B000018B841F8AF7693ABBFCD8D55D69727D1A27E192776000000200000000101108D291227D3972AAFA5F638A052DDE03F5C720000051BE9363AEA8E22DA07
ike 0:Ruff_Icma:175: notify msg received: R-U-THERE-ACK
ike 0:Ruff_Icma: link is idle 31 80.28.205.28->80.28.205.24:0 dpd=2 seqno=51c rr=0
ike 0:Ruff_Icma:175: send IKEv1 DPD probe, seqno 1308
ike 0:Ruff_Icma:175: enc 1227D3972AAFA5F638A052DDE03F5C720810050110875F96000000540B0000188B303B959F41609C9C8273482873DBCB8E6BC631000000200000000101108D281227D3972AAFA5F638A052DDE03F5C720000051C
ike 0:Ruff_Icma:175: out 1227D3972AAFA5F638A052DDE03F5C720810050110875F960000005C4A69FCDFB81D2DD78F0E5B3B28A66014343AECA83512304B5C5A2501F2FF0C54FE42F3BBFB643E28EF638FA51ADF9E0088639BCDD100D0E2FA727195BF8C544D
ike 0:Ruff_Icma:175: sent IKE msg (R-U-THERE): 80.28.205.28:500->80.28.205.24:500, len=92, vrf=0, id=1227d3972aafa5f6/38a052dde03f5c72:10875f96
ike 0: comes 80.28.205.24:500->80.28.205.28:500,ifindex=31,vrf=0....
ike 0: IKEv1 exchange=Informational id=1227d3972aafa5f6/38a052dde03f5c72:f41e029c len=92 vrf=0
ike 0: in 1227D3972AAFA5F638A052DDE03F5C7208100501F41E029C0000005C8267FBB14AD42A13A6BE91C0579636768B299D96B077C0E8032996FEF14B1FACDA465E90A423EFBBE68A735E599CDF84CBEB99D6A98F1541F30598432AC32FE1
ike 0:Ruff_Icma:175: dec 1227D3972AAFA5F638A052DDE03F5C7208100501F41E029C0000005C0B00001894C12E072E34A6003B08C4101A7B0362ED884164000000200000000101108D291227D3972AAFA5F638A052DDE03F5C720000051C857849FE5F8C9607
ike 0:Ruff_Icma:175: notify msg received: R-U-THERE-ACK
ike 0:Ruff_Icma: link is idle 31 80.28.205.28->80.28.205.24:0 dpd=2 seqno=51d rr=0
ike 0:Ruff_Icma:175: send IKEv1 DPD probe, seqno 1309
ike 0:Ruff_Icma:175: enc 1227D3972AAFA5F638A052DDE03F5C72081005013216E62F000000540B0000182740F9A6466A843BA347B3D63E1A0E362883A871000000200000000101108D281227D3972AAFA5F638A052DDE03F5C720000051D
ike 0:Ruff_Icma:175: out 1227D3972AAFA5F638A052DDE03F5C72081005013216E62F0000005C0C9BAD97BB3C0D91C6EFD4857C27A2776F27CFDE614DE1959FC6473151CB09B4AAC4ECFC8F77D1F841DE197665D9643FDCEFE62C86683BC28319BB357A8F6F6E
ike 0:Ruff_Icma:175: sent IKE msg (R-U-THERE): 80.28.205.28:500->80.28.205.24:500, len=92, vrf=0, id=1227d3972aafa5f6/38a052dde03f5c72:3216e62f
ike 0: comes 80.28.205.24:500->80.28.205.28:500,ifindex=31,vrf=0....
ike 0: IKEv1 exchange=Informational id=1227d3972aafa5f6/38a052dde03f5c72:9f1ce254 len=92 vrf=0
ike 0: in 1227D3972AAFA5F638A052DDE03F5C72081005019F1CE2540000005C67419F1DF889BD5214380DE4A121A04661375699C4C27D68BF27518EA297B33C87641C2037ACC7AF147FF36372B88EB62716AB93A51AB2AD543D5F9131EA47DD
ike 0:Ruff_Icma:175: dec 1227D3972AAFA5F638A052DDE03F5C72081005019F1CE2540000005C0B0000185D656766BA2161DB0A682E704308B6D5F2461105000000200000000101108D291227D3972AAFA5F638A052DDE03F5C720000051DFF74F647A9F08607
ike 0:Ruff_Icma:175: notify msg received: R-U-THERE-ACK

FGT_Ruffini # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
V - BGP VPNv4
* - candidate default

Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 192.168.144.1, ppp2, [1/0]
S 10.0.0.0/8 [1/0] via Ruff_Alum tunnel 80.35.249.204, [1/0]
C 10.10.10.0/25 is directly connected, internal4
C 80.28.205.28/32 is directly connected, ppp2
C 192.168.1.0/24 is directly connected, internal3
S 192.168.10.0/24 [10/0] via Ruff_Icma tunnel 80.28.205.24, [1/0]
C 192.168.144.1/32 is directly connected, ppp2
C 194.1.0.0/24 is directly connected, internal

 

 

FW 2

 

[__cmdb_bg_fork:670] fork( ) failed: 12(Cannot allocate memory)

[__cmdb_bg_fork:670] fork( ) failed: 12(Cannot allocate memory)

[__cmdb_bg_fork:670] fork( ) failed: 12(Cannot allocate memory)

ike 0: comes 80.28.205.28:500->80.28.205.24:500,ifindex=21....

ike 0: IKEv1 exchange=Informational id=1227d3972aafa5f6/38a052dde03f5c72:c792434b len=92

ike 0: in 1227D3972AAFA5F638A052DDE03F5C7208100501C792434B0000005CDA5BD17F02E70A31DAAE547438DAA8DE55A081953E1FAA580358CF9BD8CF10531D7DB4114E93ED1F0366DA8F45CF1F05083B09AB0F216D8F4B8EFC03EA40B29C

ike 0:ICMA_RUFF:1086: dec 1227D3972AAFA5F638A052DDE03F5C7208100501C792434B0000005C0B00001808403B7DCAE7B0EC9CEE30E072F5A9115247846B000000200000000101108D281227D3972AAFA5F638A052DDE03F5C72000004F986B3A6E06414C807

ike 0:ICMA_RUFF:1086: notify msg received: R-U-THERE

ike 0:ICMA_RUFF:1086: enc 1227D3972AAFA5F638A052DDE03F5C7208100501C27F78E0000000540B000018F2D81765D33C99650EA250597FC3CD604D80AF10000000200000000101108D291227D3972AAFA5F638A052DDE03F5C72000004F9

ike 0:ICMA_RUFF:1086: out 1227D3972AAFA5F638A052DDE03F5C7208100501C27F78E00000005C848F3501DA3A4223C2F96FB7B63B644B9187BB3DA9874889BD7E760EA36FC83C93AFFC6F9A98183293FF63C042B1A9D8B68EE6DC9FF3051D2CA1F0E697602A54

ike 0:ICMA_RUFF:1086: sent IKE msg (R-U-THERE-ACK): 80.28.205.24:500->80.28.205.28:500, len=92, id=1227d3972aafa5f6/38a052dde03f5c72:c27f78e0

 

O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

S* 0.0.0.0/0 [10/0] via 192.168.144.1, ppp1
C 10.10.10.0/25 is directly connected, lan3
C 80.28.205.24/32 is directly connected, ppp1
C 192.168.10.0/24 is directly connected, lan
is directly connected, lan
C 192.168.144.1/32 is directly connected, ppp1
S 194.1.0.0/24 [5/0] via 10.10.10.1, lan3

 

The client established a wimax connection in order to connect to the FW 1, however if I disable the static route, the path goes through the policy internet. Why is this?

I can't see the tunnel in the static route in the CLI; via the GUI I see the static route.

Anatoli
New Contributor

Anybody help me?

gfleming

I asked you some questions which you have not responded to:

https://community.fortinet.com/t5/Support-Forum/Ipesec-tunnel-no-traffic-oposite-direction/m-p/25880...

Cheers,
Graham
ezhupa
Staff

Hello Anatoli, 

 

From FW perspective the link becomes idle and there is no response from other side. 

You can also try to set up a sniffer for esp packets on both FW1 and FW2 and see if FW1 is sending packets, if FW2 is receiving these packets and sending a response and if FW1 is receiving said replies.  
I would also double-check any phase2 configuration to be sure it is matching on both sides. 

diag sniffer packet any 'host <remote-gw> and esp' 4 0 l

 

If there is any NAT between sides you could test by enabling NAT-T on both sides. 

 

get router info routing-table all
get router info routing-table details x.x.x.x  <-- ip you are trying to reach. 

 

Debug flow should also give some information:

 

diagnose debug disable
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
diagnose debug flow filter addr x.x.x.x <--- x.x.x.x host in the other side of the tunnel
diagnose debug flow trace start 2000
diagnose debug enable

ping the other side

diagnose debug disable (to stop)

Anatoli
New Contributor

FW1
2023-06-01 22:47:43 id=65308 trace_id=33 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:43 id=65308 trace_id=34 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57167->192.168.10.11:445) tun_id=0.0.0.0 from internal. flag [S], seq 4181113106, ack 0, win 8192"
2023-06-01 22:47:43 id=65308 trace_id=34 func=init_ip_session_common line=6049 msg="allocate a new session-0028786d, tun_id=0.0.0.0"
2023-06-01 22:47:43 id=65308 trace_id=34 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-80.28.205.24 via Ruff_Icma"
2023-06-01 22:47:43 id=65308 trace_id=34 func=__iprope_tree_check line=524 msg="gnum-100004, use int hash, slot=91, len=2"
2023-06-01 22:47:43 id=65308 trace_id=34 func=fw_forward_handler line=922 msg="Allowed by Policy-34:"
2023-06-01 22:47:43 id=65308 trace_id=34 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:43 id=65308 trace_id=34 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:43 id=65308 trace_id=34 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:43 id=65308 trace_id=34 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:43 id=65308 trace_id=35 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57168->192.168.10.11:139) tun_id=0.0.0.0 from internal. flag [S], seq 2675674944, ack 0, win 8192"
2023-06-01 22:47:43 id=65308 trace_id=35 func=init_ip_session_common line=6049 msg="allocate a new session-0028786e, tun_id=0.0.0.0"
2023-06-01 22:47:43 id=65308 trace_id=35 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-80.28.205.24 via Ruff_Icma"
2023-06-01 22:47:43 id=65308 trace_id=35 func=__iprope_tree_check line=524 msg="gnum-100004, use int hash, slot=91, len=2"
2023-06-01 22:47:43 id=65308 trace_id=35 func=fw_forward_handler line=922 msg="Allowed by Policy-34:"
2023-06-01 22:47:43 id=65308 trace_id=35 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:43 id=65308 trace_id=35 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:43 id=65308 trace_id=35 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:43 id=65308 trace_id=35 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:45 id=65308 trace_id=36 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57164->192.168.10.11:445) tun_id=0.0.0.0 from internal. flag [S], seq 303270440, ack 0, win 8192"
2023-06-01 22:47:45 id=65308 trace_id=36 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-00287869, original direction"
2023-06-01 22:47:45 id=65308 trace_id=36 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:45 id=65308 trace_id=36 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:45 id=65308 trace_id=36 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:45 id=65308 trace_id=36 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:45 id=65308 trace_id=36 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:45 id=65308 trace_id=36 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:46 id=65308 trace_id=37 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57168->192.168.10.11:139) tun_id=0.0.0.0 from internal. flag [S], seq 2675674944, ack 0, win 8192"
2023-06-01 22:47:46 id=65308 trace_id=37 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-0028786e, original direction"
2023-06-01 22:47:46 id=65308 trace_id=38 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57165->192.168.10.11:445) tun_id=0.0.0.0 from internal. flag [S], seq 2680805567, ack 0, win 8192"
2023-06-01 22:47:46 id=65308 trace_id=37 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:46 id=65308 trace_id=38 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-0028786b, original direction"
2023-06-01 22:47:46 id=65308 trace_id=37 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:46 id=65308 trace_id=39 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57167->192.168.10.11:445) tun_id=0.0.0.0 from internal. flag [S], seq 4181113106, ack 0, win 8192"
2023-06-01 22:47:46 id=65308 trace_id=37 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:46 id=65308 trace_id=38 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:46 id=65308 trace_id=39 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-0028786d, original direction"
2023-06-01 22:47:46 id=65308 trace_id=38 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:46 id=65308 trace_id=37 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:46 id=65308 trace_id=38 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:46 id=65308 trace_id=38 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:46 id=65308 trace_id=39 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:46 id=65308 trace_id=37 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:46 id=65308 trace_id=38 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:46 id=65308 trace_id=39 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:46 id=65308 trace_id=39 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:46 id=65308 trace_id=39 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:46 id=65308 trace_id=38 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:46 id=65308 trace_id=40 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57166->192.168.10.11:445) tun_id=0.0.0.0 from internal. flag [S], seq 4010411380, ack 0, win 8192"
2023-06-01 22:47:46 id=65308 trace_id=39 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:46 id=65308 trace_id=40 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-0028786c, original direction"
2023-06-01 22:47:46 id=65308 trace_id=40 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:46 id=65308 trace_id=40 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:46 id=65308 trace_id=39 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:46 id=65308 trace_id=40 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:46 id=65308 trace_id=40 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:46 id=65308 trace_id=40 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:46 id=65308 trace_id=37 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:46 id=65308 trace_id=40 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:51 id=65308 trace_id=41 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57164->192.168.10.11:445) tun_id=0.0.0.0 from internal. flag [S], seq 303270440, ack 0, win 8192"
2023-06-01 22:47:51 id=65308 trace_id=41 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-00287869, original direction"
2023-06-01 22:47:51 id=65308 trace_id=41 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:51 id=65308 trace_id=41 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:51 id=65308 trace_id=41 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:51 id=65308 trace_id=41 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:51 id=65308 trace_id=41 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:51 id=65308 trace_id=41 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:52 id=65308 trace_id=42 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57168->192.168.10.11:139) tun_id=0.0.0.0 from internal. flag [S], seq 2675674944, ack 0, win 8192"
2023-06-01 22:47:52 id=65308 trace_id=42 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-0028786e, original direction"
2023-06-01 22:47:52 id=65308 trace_id=43 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57165->192.168.10.11:445) tun_id=0.0.0.0 from internal. flag [S], seq 2680805567, ack 0, win 8192"
2023-06-01 22:47:52 id=65308 trace_id=43 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-0028786b, original direction"
2023-06-01 22:47:52 id=65308 trace_id=42 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:52 id=65308 trace_id=43 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:52 id=65308 trace_id=42 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:52 id=65308 trace_id=43 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:52 id=65308 trace_id=42 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:52 id=65308 trace_id=43 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:52 id=65308 trace_id=43 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:52 id=65308 trace_id=42 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:52 id=65308 trace_id=44 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57167->192.168.10.11:445) tun_id=0.0.0.0 from internal. flag [S], seq 4181113106, ack 0, win 8192"
2023-06-01 22:47:52 id=65308 trace_id=42 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:52 id=65308 trace_id=43 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:52 id=65308 trace_id=44 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-0028786d, original direction"
2023-06-01 22:47:52 id=65308 trace_id=44 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:52 id=65308 trace_id=43 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:52 id=65308 trace_id=45 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 194.1.0.40:57166->192.168.10.11:445) tun_id=0.0.0.0 from internal. flag [S], seq 4010411380, ack 0, win 8192"
2023-06-01 22:47:52 id=65308 trace_id=44 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:52 id=65308 trace_id=45 func=resolve_ip_tuple_fast line=5956 msg="Find an existing session, id-0028786c, original direction"
2023-06-01 22:47:52 id=65308 trace_id=44 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:52 id=65308 trace_id=45 func=npu_handle_session44 line=1199 msg="Trying to offloading session from internal to Ruff_Icma, skb.npu_flag=00000000 ses.state=00000204 ses.npu_state=0x01040000"
2023-06-01 22:47:52 id=65308 trace_id=44 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:52 id=65308 trace_id=45 func=fw_forward_dirty_handler line=414 msg="state=00000204, state2=00000001, npu_state=01040000"
2023-06-01 22:47:52 id=65308 trace_id=44 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:52 id=65308 trace_id=45 func=ipsecdev_hard_start_xmit line=669 msg="enter IPSec interface Ruff_Icma, tun_id=0.0.0.0"
2023-06-01 22:47:52 id=65308 trace_id=45 func=_do_ipsecdev_hard_start_xmit line=229 msg="output to IPSec tunnel Ruff_Icma vrf 0"
2023-06-01 22:47:52 id=65308 trace_id=45 func=esp_output4 line=895 msg="IPsec encrypt/auth"
2023-06-01 22:47:52 id=65308 trace_id=44 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"
2023-06-01 22:47:52 id=65308 trace_id=42 func=ipsec_output_finish line=629 msg="send to 192.168.144.1 via intf-ppp2"

Routing table for VRF=0
Routing entry for 192.168.10.0/24
Known via "static", distance 10, metric 0, best
* via Ruff_Icma tunnel 80.28.205.24 vrf 0


FW2
2023-06-01 22:50:23 id=20085 trace_id=10 func=init_ip_session_common line=4944 msg="allocate a new session-00497d00"
2023-06-01 22:50:23 id=20085 trace_id=10 func=ip_route_input_slow line=2250 msg="reverse path check fail, drop"
2023-06-01 22:50:23 id=20085 trace_id=10 func=ip_session_handle_no_dst line=5018 msg="trace"
2023-06-01 22:50:24 [__cmdb_bg_fork:670] fork( ) failed: 12(Cannot allocate memory
2023-06-01 22:50:25 [__cmdb_bg_fork:670] fork( ) failed: 12(Cannot allocate memory
2023-06-01 22:50:26 [__cmdb_bg_fork:670] fork( ) failed: 12(Cannot allocate memor)
2023-06-01 22:50:27 [__cmdb_bg_fork:670] fork( ) failed: 12(Cannot allocate memor)
2023-06-01 22:50:28 id=20085 trace_id=11 func=print_pkt_detail line=4793 msg="vd-root received a packet(proto=6, 194.1.0.40:57192->192.168.10.11:445) from ICMA_RUFF. flag [S], seq 2791365634, ack 0, win 8192"
2023-06-01 22:50:28 id=20085 trace_id=11 func=init_ip_session_common line=4944 msg="allocate a new session-00497d05"
2023-06-01 22:50:28 id=20085 trace_id=11 func=ip_route_input_slow line=2250 msg="reverse path check fail, drop"
2023-06-01 22:50:28 id=20085 trace_id=11 func=ip_session_handle_no_dst line=5018 msg="trace"
2023-06-01 22:50:28 [__cmdb_bg_fork:670] fork( ) failed: 12(Cannot allocate memory)
2023-06-01 22:50:29 id=20085 trace_id=12 func=print_pkt_detail line=4793 msg="vd-root received a packet(proto=6, 194.1.0.40:57194->192.168.10.11:445) from ICMA_RUFF. flag [S], seq 1801127558, ack 0, win 8192"
2023-06-01 22:50:29 id=20085 trace_id=12 func=init_ip_session_common line=4944 msg="allocate a new session-00497d06"
2023-06-01 22:50:29 id=20085 trace_id=12 func=ip_route_input_slow line=2250 msg="reverse path check fail, drop"
2023-06-01 22:50:29 id=20085 trace_id=12 func=ip_session_handle_no_dst line=5018 msg="trace"
2023-06-01 22:50:29 id=20085 trace_id=13 func=print_pkt_detail line=4793 msg="vd-root received a packet(proto=6, 194.1.0.40:57196->192.168.10.11:139) from ICMA_RUFF. flag [S], seq 691668436, ack 0, win 8192"
2023-06-01 22:50:29 id=20085 trace_id=13 func=init_ip_session_common line=4944 msg="allocate a new session-00497d07"
2023-06-01 22:50:29 id=20085 trace_id=13 func=ip_route_input_slow line=2250 msg="reverse path check fail, drop"
2023-06-01 22:50:29 id=20085 trace_id=13 func=ip_session_handle_no_dst line=5018 msg="trace"
2023-06-01 22:50:29 id=20085 trace_id=14 func=print_pkt_detail line=4793 msg="vd-root received a packet(proto=6, 194.1.0.40:57195->192.168.10.11:445) from ICMA_RUFF. flag [S], seq 754550009, ack 0, win 8192"
2023-06-01 22:50:29 id=20085 trace_id=14 func=init_ip_session_common line=4944 msg="allocate a new session-00497d08"
2023-06-01 22:50:29 id=20085 trace_id=14 func=ip_route_input_slow line=2250 msg="reverse path check fail, drop"
2023-06-01 22:50:29 id=20085 trace_id=14 func=ip_session_handle_no_dst line=5018 msg="trace"
2023-06-01 22:50:29 id=20085 trace_id=15 func=print_pkt_detail line=4793 msg="vd-root received a packet(proto=6, 194.1.0.40:57193->192.168.10.11:445) from ICMA_RUFF. flag [S], seq 3352035494, ack 0, win 8192"
2023-06-01 22:50:29 id=20085 trace_id=15 func=init_ip_session_common line=4944 msg="allocate a new session-00497d09"
2023-06-01 22:50:29 id=20085 trace_id=15 func=ip_route_input_slow line=2250 msg="reverse path check fail, drop"


get router info routing-table details 194.1.0.40

Routing entry for 194.1.0.0/24

Known via "static", distance 5, metric 0

10.10.10.1, via lan3 inactive


I don't understand why it chose this path. My client has a provisional WiMAX connection for communicating between two centers, and the plan is to use an IPsec tunnel for this. I disabled this interface, lan 3, and the static route so that any traffic using this wimax connection p"

 


Anatoli
New Contributor

Do you require any additional tests?
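
Added example (not written by any poster in this thread, and not Fortinet code): a Python script that cross-checks the FW2 flow trace against the FW2 routing table posted above and reports, for each "reverse path check fail, drop", which interfaces FW2 would use to route back to the packet's source. It assumes the feasible-path reverse path check, where a packet is accepted only if the routing table holds a route to its source through the interface it arrived on; the function names and `CONSTRUCTED_TUNNEL_ROUTE` are illustrative and not taken from the thread.

```python
import ipaddress
import re

# Copied from the FW2 routing table in the thread (truncated entry omitted).
FW2_ROUTES = """\
S* 0.0.0.0/0 [10/0] via 192.168.144.1, ppp1
C 10.10.10.0/25 is directly connected, lan3
C 80.28.205.24/32 is directly connected, ppp1
C 192.168.10.0/24 is directly connected, lan
C 192.168.144.1/32 is directly connected, ppp1
S 194.1.0.0/24 [5/0] via 10.10.10.1, lan3
"""

# Two packets copied from the FW2 flow trace in the thread.
FW2_TRACE = """\
2023-06-01 22:50:28 id=20085 trace_id=11 func=print_pkt_detail line=4793 msg="vd-root received a packet(proto=6, 194.1.0.40:57192->192.168.10.11:445) from ICMA_RUFF. flag [S], seq 2791365634, ack 0, win 8192"
2023-06-01 22:50:28 id=20085 trace_id=11 func=ip_route_input_slow line=2250 msg="reverse path check fail, drop"
2023-06-01 22:50:29 id=20085 trace_id=13 func=print_pkt_detail line=4793 msg="vd-root received a packet(proto=6, 194.1.0.40:57196->192.168.10.11:139) from ICMA_RUFF. flag [S], seq 691668436, ack 0, win 8192"
2023-06-01 22:50:29 id=20085 trace_id=13 func=ip_route_input_slow line=2250 msg="reverse path check fail, drop"
"""

# Constructed for illustration (not from the thread): a route to the FW1 LAN
# through the tunnel, written in the format FW1's routing table uses.
CONSTRUCTED_TUNNEL_ROUTE = "S 194.1.0.0/24 [5/0] via ICMA_RUFF tunnel 80.28.205.28, [1/0]"

ROUTE_RE = re.compile(
    r"^\S+\s+(?P<net>\d+\.\d+\.\d+\.\d+/\d+)\s+(?:\[\d+/\d+\]\s+)?"
    r"(?:via\s+(?P<tun>\S+)\s+tunnel\s"
    r"|via\s+\S+,\s*(?P<via_if>[^,\s]+)"
    r"|is directly connected,\s*(?P<conn_if>[^,\s]+))")
PKT_RE = re.compile(
    r"trace_id=(?P<tid>\d+) func=print_pkt_detail .*?packet\(proto=\d+, "
    r"(?P<src>[\d.]+):\d+->[\d.]+:\d+\)(?: tun_id=\S+)? from (?P<ifc>\S+?)\. flag")
DROP_RE = re.compile(r"trace_id=(?P<tid>\d+) .*reverse path check fail")


def parse_routes(text):
    """Return [(network, egress_interface)] from routing-table lines."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            ifc = m.group("tun") or m.group("via_if") or m.group("conn_if")
            routes.append((ipaddress.ip_network(m.group("net")), ifc))
    return routes


def feasible_interfaces(src, routes):
    """Interfaces of every route covering src, most specific prefix first."""
    addr = ipaddress.ip_address(src)
    hits = [(net, ifc) for net, ifc in routes if addr in net]
    hits.sort(key=lambda r: r[0].prefixlen, reverse=True)
    return [ifc for _, ifc in hits]


def explain_rpf_drops(trace, routes):
    """Pair each RPF drop with its packet and test it against the routes."""
    packets, findings = {}, []
    for line in trace.splitlines():
        pkt = PKT_RE.search(line)
        if pkt:
            packets[pkt.group("tid")] = (pkt.group("src"), pkt.group("ifc"))
            continue
        drop = DROP_RE.search(line)
        if drop and drop.group("tid") in packets:
            src, ingress = packets[drop.group("tid")]
            back = feasible_interfaces(src, routes)
            findings.append({"trace_id": drop.group("tid"), "src": src,
                             "ingress": ingress, "routes_back_via": back,
                             "rpf_pass": ingress in back})
    return findings


if __name__ == "__main__":
    current = parse_routes(FW2_ROUTES)
    for f in explain_rpf_drops(FW2_TRACE, current):
        print("as posted:", f)
    with_tunnel = current + parse_routes(CONSTRUCTED_TUNNEL_ROUTE)
    for f in explain_rpf_drops(FW2_TRACE, with_tunnel):
        print("with tunnel route:", f)
```

On the posted data both packets fail the check because the only routes back to 194.1.0.40 leave through lan3 and ppp1, not through ICMA_RUFF.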
