Problem with IPSEC Forticlient tunnel and ToIP
Good morning.
I have created an IPsec dial-up tunnel to connect using FortiClient. Some users use that tunnel for ToIP.
I have problems with SIP UDP traffic on port 5060. In some cases, the server (172.25.3.7) tries to send SIP traffic to the remote users (192.168.106.0/29) and I get a drop message, and the ToIP agents cannot register to the ToIP platform. The problem occurs when I have more than one ToIP user trying to work; with only one user it does not happen.
In the debug I have observed a drop message and I think maybe that's the problem, "No matching IP Selector drop" (the 172.x.x.x server sends SIP traffic to the 192.x.x.x user connected to the dial-up tunnel):
func=__ip_session_run_tuple line=3449 msg="run helper-sip(dir=original)"
id=20085 trace_id=476 func=print_pkt_detail line=5622 msg="vd-root:0 received a packet(proto=17, 172.25.3.7:5060->192.168.106.3:5060) from port9. "
id=20085 trace_id=476 func=resolve_ip_tuple_fast line=5702 msg="Find an existing session, id-134b0eb2, reply direction"
id=20085 trace_id=476 func=npu_handle_session44 line=1159 msg="Trying to offloading session from port9 to IPSEC-ORG, skb.npu_flag=00000400 ses.state=01030004 ses.npu_state=0x03101008"
id=20085 trace_id=476 func=fw_forward_dirty_handler line=399 msg="state=01030004, state2=00000000, npu_state=03101008"
id=20085 trace_id=476 func=__ip_session_run_tuple line=3449 msg="run helper-sip(dir=reply)"
id=20085 trace_id=476 func=ipsecdev_hard_start_xmit line=788 msg="enter IPsec interface-IPSEC-ORG"
id=20085 trace_id=476 func=ipsec_common_output4 line=869 msg="No matching IPsec selector, drop"
On the other hand, I have tried to change the phase 2 route selectors of my tunnel (by default 0.0.0.0 0.0.0.0) and I have configured the following, but it still doesn't work.
IPSEC-TUNNEL | 0.0.0.0/0.0.0.0(source) | 192.168.106.0/255.255.255.224(destination). |
All other traffic works well.
Could you help me please?
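An added example, not part of the original post and not Fortinet tooling: a small parser that groups the debug flow lines quoted above by trace_id, pulls out the packet tuple and tunnel interface for every trace that ends in "No matching IPsec selector, drop", and checks the tuple against the selector pair the poster configured. The function names and record fields are assumptions made for this illustration.

```python
import ipaddress
import re

# Trace lines copied from the post above; the first one has no trace_id.
TRACE = '''\
func=__ip_session_run_tuple line=3449 msg="run helper-sip(dir=original)"
id=20085 trace_id=476 func=print_pkt_detail line=5622 msg="vd-root:0 received a packet(proto=17, 172.25.3.7:5060->192.168.106.3:5060) from port9. "
id=20085 trace_id=476 func=resolve_ip_tuple_fast line=5702 msg="Find an existing session, id-134b0eb2, reply direction"
id=20085 trace_id=476 func=__ip_session_run_tuple line=3449 msg="run helper-sip(dir=reply)"
id=20085 trace_id=476 func=ipsecdev_hard_start_xmit line=788 msg="enter IPsec interface-IPSEC-ORG"
id=20085 trace_id=476 func=ipsec_common_output4 line=869 msg="No matching IPsec selector, drop"
'''

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"\s*$')
PKT = re.compile(r'proto=(\d+), ([\d.]+):(\d+)->([\d.]+):(\d+)\) from (\S+?)\.')
IFACE = re.compile(r'enter IPsec interface-(\S+)')
DROP = "No matching IPsec selector, drop"

def selector_drops(text):
    """Return one record per trace_id whose trace ended in a selector drop."""
    traces = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # lines without a trace_id cannot be correlated; skip them
        tid, msg = m.groups()
        rec = traces.setdefault(
            tid, {"trace_id": int(tid), "dropped": False, "sip_helper": False})
        if (p := PKT.search(msg)):
            rec.update(proto=int(p[1]), src=p[2], sport=int(p[3]),
                       dst=p[4], dport=int(p[5]), in_if=p[6])
        elif (i := IFACE.search(msg)):
            rec["tunnel"] = i[1]
        elif "helper-sip" in msg:
            rec["sip_helper"] = True
        elif DROP in msg:
            rec["dropped"] = True
    return [r for r in traces.values() if r["dropped"]]

def covered(rec, src_sel, dst_sel):
    """True if the dropped packet's addresses fall inside the selector pair."""
    return (ipaddress.ip_address(rec["src"]) in ipaddress.ip_network(src_sel)
            and ipaddress.ip_address(rec["dst"]) in ipaddress.ip_network(dst_sel))

if __name__ == "__main__":
    for rec in selector_drops(TRACE):
        # Selector pair from the post: 0.0.0.0/0.0.0.0 -> 192.168.106.0/255.255.255.224
        ok = covered(rec, "0.0.0.0/0", "192.168.106.0/255.255.255.224")
        print(rec, "inside configured selector:", ok)
```

For the quoted trace, the dropped packet's destination 192.168.106.3 lies inside the configured 192.168.106.0/255.255.255.224 range, so the configured range on its own does not account for the drop.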
Good morning Fortimaster,
Did you try to have a look in our Knowledge Base? You may find an article which could provide a solution.
Just select Knowledge Base, the concerned product and you can easily make a search in our search bar.
Do not hesitate to come back to us if you do not find the solution.
Regards,
Thanks Antony_E
Yes, I have tried to find it but I have not found it.
Hello,
No problem at all.
We will find somebody to find a solution for your question.
Regards,
