[c-nsp] Site to site vpn Cisco Router to Fortinet

Benny Amorsen benny+usenet at amorsen.dk
Thu Dec 13 09:07:46 EST 2012


Joe Freeman <joe at netbyjoe.com> writes:

> Now I'm having trouble getting traffic across it. I've got a policy in the
> FG that allows any/any between the internal interface and the tunnel (both
> ways). Traffic counters aren't incrementing on either policy. I've also
> checked my static routes that send traffic to the tunnel on both sides.

Since it is a 0.0.0.0/0 tunnel both src and dst, a plain ping from the
Fortigate should at least go through the tunnel.

Personally I would try "diagnose sniffer packet tunnelinterface" on the
Fortigate while at the same time doing "execute ping" something that
hits the static route.

If that does not show any traffic, the problem has to involve routing
somehow.


/Benny


