ip sec vpn ping problem

Nrt · ‎12-02-2023

Hi All

I have a ping problem in the ipsec tunnel. Vpn tunnel up. The connection is established. I can reach the other party's gateway. When I ping from the local network, it does not work, but when the other party pings me, I can reach and connect. After 10 - 15 minutes, I cannot ping again. When the other party pings me, I ping again. Meanwhile, the tunnel never goes down and is up.

My Device Fortigate 60F

Version 7.4.1

Nrt · ‎12-02-2023

hi. Many helpfull for me. thanks

View solution in original post

hbac · ‎12-02-2023

Hi @Nrt,

You can run debug flow as follow to see if the traffic is being dropped or not.

di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter addr 192.168.5.2 >>> destination IP address
di deb flow filter proto 1
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 500
diagnose debug enable

Regards,

Nrt · ‎12-02-2023

Thanks your kindly support

vbandha · ‎12-02-2023

@Nrt

Also check the packet flow on both sides when the ping is not working.

On fortigate side you can use this command:
diag sniffer packet any 'host <Other side IP> and icmp' 4 0 l

With this you can check if the ping is being sent on tunnel or not.

If the ping is being sent on tunnel then it is probably issue on other side. If the ping is not being sent on tunnel interface then it is some issue on your side.

Also check the routing table at the time issue is happening:

get router info routing-table details <Remote IP>

Nrt · ‎12-02-2023

hi. Many helpfull for me. thanks

ip sec vpn ping problem

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website