Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1362
Views
0
Helpful
3
Replies

Problem vpn L2L ASA with Fortigate 100

alfredoelias
Level 1
Level 1

‎12-13-2010 07:59 AM

the VPN is UP phase 1 ok, phase 2 OK, but when I ping the network I want to reach the side of the FortiGate lose the connection and I do not answer the ping. The vpn is up but I deny the connection FortiGate.

Thanks.

Labels:
0 Helpful
3 Replies 3

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎12-13-2010 08:02 AM

Hi,

Make sure on the Fortigate there's no filtering VPN traffic (there should be a rule permitting the VPN).

Phase 1 and 2 show established on both ends?

Federico.

0 Helpful

alfredoelias
Level 1
Level 1
In response to Federico Coto Fajardo

‎12-13-2010 02:42 PM

Hi,

Actually phase 1 and phase 2 were established on both sides in both the ASA and in the FortiGate but since the network allowed in the ASA I can not ping allowed networks in the FortiGate. And the vpn is up forever.

Thanks.

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to alfredoelias

‎12-13-2010 02:47 PM

If phase 2 is established you can do this test.

PING from the ASA side to the Fortigate...

do you see packets encrypted through the tunnel ''sh cry ips sa''?

do you see packets coming back (decrypted)?

PING from the Fortigate side to the ASA...

do you see packets decrypted through the tunnel ''sh cry ips sa''?

The above will show you who is and who is not sending packets, so you can check where the problem is.

Sometimes is a route.. sometimes is a filter/rule not allowing the traffic.

Federico.

0 Helpful
Customers Also Viewed These Support Documents