10-31-2018 09:12 AM - edited 02-21-2020 08:25 AM
Hi guys
I've got a situation with an IPsec tunnel and I don't know what else I need to do. This is the situation:
I already configured a VPN tunnel between my Cisco ASA and a Fortigate 100D, and everything is up (Phase 1 and Phase 2). This tunnel was created because we need to monitor 5 devices (a couple of switches and a Call Manager). The devices that we are already monitoring are the core switch (10.0.5.20) and the Call Manager (10.0.5.21) (the IPs are not the real ones, just for information), but we have problems trying to reach 3 switches that are on a different network (10.0.1.x).
When I send a ping from my server (172.26.5.80) to one of the devices, let's say 10.0.1.5, I see that the packet reaches the Cisco ASA and is sent through the tunnel, but on the Fortigate side they don't see anything; they only see the requests to the IPs 10.0.5.20 and .21.
If I execute the ping backwards, I mean from 10.0.1.5 to my server 172.26.5.80, it doesn't respond until I execute a ping from my server to the switch. It looks like it's waiting to see the communication opened on the tunnel.
About the configuration on both sides: we already checked and everything looks good.
I hope all of you understand what I tried to explain.
Regards
11-03-2018 02:05 PM
For verification on the ASA, you could run the CLI packet-tracer to confirm that the config is good:
packet-tracer input inside icmp <source-ip> 8 0 <dest-ip> detailed
Regards,
Azam
11-07-2018 08:52 AM
I think I found the issue. On the Fortinet side the admin was using a "named address" (something like object groups), and this can cause some issues in the VPN crypto map. I'm asking the admin to change the "named address" to the IP address. I will let you know how it goes.
Regards
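Both the symptom in the first post (the ASA encrypts traffic for 10.0.1.x that the Fortigate never sees) and the named-address hypothesis above come down to one question: do the Phase 2 selectors on both peers cover the flow? The script below is an added example, not code from this thread or from Cisco or Fortinet. It parses a constructed ASA crypto ACL and a constructed FortiGate config (the names VPN-ACL, to-asa, Monitoring-Net and Core-Devices are invented), resolves FortiGate src-name/dst-name references through the firewall address objects, swaps the FortiGate selectors into the ASA's view (FortiGate's src-subnet is its own side) and reports which peer covers a given source/destination pair. Selectors are bidirectional, so the reverse ping from 10.0.1.5 is checked with the same pair.

```python
"""Compare ASA crypto-ACL selectors with FortiGate Phase 2 selectors for one flow.
Added example with constructed configs; not code from the thread or from either vendor."""
import ipaddress
from dataclasses import dataclass

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Selector:
    """One Phase 2 selector in the ASA's view: src is ASA-local, dst is FortiGate-local."""
    src: IPv4Net
    dst: IPv4Net

    def covers(self, src_ip: str, dst_ip: str) -> bool:
        return ipaddress.ip_address(src_ip) in self.src and ipaddress.ip_address(dst_ip) in self.dst


def _net(*parts: str) -> IPv4Net:
    """'10.0.5.0 255.255.255.0' or '10.0.5.0/24' -> IPv4Network."""
    return IPv4Net("/".join(parts), strict=False)


def _asa_addr(t: list[str], i: int) -> tuple[IPv4Net, int]:
    """Parse one ASA ACL address term: any | host A.B.C.D | A.B.C.D MASK."""
    if t[i] == "any":
        return _net("0.0.0.0", "0.0.0.0"), i + 1
    if t[i] == "host":
        return _net(t[i + 1], "255.255.255.255"), i + 2
    if t[i] in ("object", "object-group"):
        raise ValueError(f"expand {t[i]} {t[i + 1]} with 'show access-list' first")
    return _net(t[i], t[i + 1]), i + 2


def parse_asa_crypto_acl(text: str, acl_name: str) -> list[Selector]:
    """Selectors from 'access-list <name> extended permit ip <src> <dst>' lines."""
    sels = []
    for line in text.splitlines():
        t = line.split()
        if t[:5] != ["access-list", acl_name, "extended", "permit", "ip"]:
            continue
        src, i = _asa_addr(t, 5)
        dst, _ = _asa_addr(t, i)
        sels.append(Selector(src, dst))
    return sels


def parse_fgt_blocks(text: str, section: str) -> dict[str, dict[str, list[str]]]:
    """{edit-name: {setting: values}} for one flat 'config <section>' block
    (nested sub-blocks are not handled; enough for address and phase2 entries)."""
    entries, cur, active = {}, None, False
    for raw in text.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "config":
            active = " ".join(t[1:]) == section
        elif t[0] == "end":
            active, cur = False, None
        elif active and t[0] == "edit":
            cur = entries.setdefault(" ".join(t[1:]).strip('"'), {})
        elif active and t[0] == "set" and cur is not None:
            cur[t[1]] = [v.strip('"') for v in t[2:]]
        elif t[0] == "next":
            cur = None
    return entries


def parse_fgt_phase2(text: str) -> list[Selector]:
    """Selectors from 'config vpn ipsec phase2-interface'; src-name/dst-name (the 'named
    address' case) are resolved via 'config firewall address' subnet objects only."""
    addr = parse_fgt_blocks(text, "firewall address")
    sels = []
    for name, p2 in parse_fgt_blocks(text, "vpn ipsec phase2-interface").items():
        nets = []
        for side in ("src", "dst"):
            if f"{side}-subnet" in p2:
                nets.append(_net(*p2[f"{side}-subnet"]))
            elif f"{side}-name" in p2:
                ref = p2[f"{side}-name"][0]
                obj = addr.get(ref, {})
                if "subnet" not in obj:
                    raise ValueError(f"{name}: {side}-name {ref!r} is not a subnet address object")
                nets.append(_net(*obj["subnet"]))
            else:
                nets.append(_net("0.0.0.0", "0.0.0.0"))  # FortiGate default: all traffic
        fgt_local, fgt_remote = nets
        sels.append(Selector(src=fgt_remote, dst=fgt_local))  # swap into the ASA's view
    return sels


def check_flow(asa: list[Selector], fgt: list[Selector], src_ip: str, dst_ip: str) -> dict:
    """Which peer covers src_ip -> dst_ip (ASA view), and whether an identical pair exists
    on both, which policy-based IKEv1 Phase 2 negotiation generally needs."""
    a = [s for s in asa if s.covers(src_ip, dst_ip)]
    f = [s for s in fgt if s.covers(src_ip, dst_ip)]
    return {"asa": bool(a), "fortigate": bool(f), "exact": any(s in f for s in a)}


# Constructed sample configs: ASA side lists both remote subnets, FortiGate side only one.
ASA_CONFIG = """\
access-list VPN-ACL extended permit ip 172.26.5.0 255.255.255.0 10.0.5.0 255.255.255.0
access-list VPN-ACL extended permit ip 172.26.5.0 255.255.255.0 10.0.1.0 255.255.255.0
"""
FGT_CONFIG = """\
config firewall address
    edit "Monitoring-Net"
        set subnet 172.26.5.0 255.255.255.0
    next
    edit "Core-Devices"
        set subnet 10.0.5.0 255.255.255.0
    next
end
config vpn ipsec phase2-interface
    edit "to-asa"
        set phase1name "to-asa"
        set src-name "Core-Devices"
        set dst-name "Monitoring-Net"
    next
end
"""

if __name__ == "__main__":
    asa = parse_asa_crypto_acl(ASA_CONFIG, "VPN-ACL")
    fgt = parse_fgt_phase2(FGT_CONFIG)
    for dst in ("10.0.5.20", "10.0.1.5"):
        print(dst, check_flow(asa, fgt, "172.26.5.80", dst))
```

Run against the constructed configs, the 10.0.5.20 flow is covered by an identical selector on both peers, while the 10.0.1.5 flow is covered by the ASA only, which is the shape of the symptom in the first post. Whether the FortiGate selector is written as a subnet or as a named object makes no difference to this check as long as the object resolves to the subnet the ASA expects; what matters is that the 10.0.1.0/24 pair exists on the FortiGate side at all.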
11-07-2018 11:37 AM
Hope it works. I only have knowledge of the ASA, not Fortigate.
regards, mk