
VPN works only in one direction

  • 1.  VPN works only in one direction

    Posted Nov 14, 2017 04:23 AM


    I have a question about VPN settings on a Fortigate 60D.



    - Two locations with separate local networks

    - Location 1: Ubiquiti Unifi USG with public IP

    - Location 2: Fortigate 60D with latest Firmware and public IP

    - VPN is set up with a preshared key

    - Static route (sending the remote subnet to the tunnel interface) and Firewall-Policies (from and to the local and the tunnel interface with the relevant subnets) created on the Fortinet

    - Added the requested blackhole routes (RFC1918)

    - No additional configuration on the USG



    - Fortinet shows the tunnel as UP / No Errors in the Log

    - The USG shows 0 Zone to Zone VPNs

    - I can ping from the USG side to the Fortigate side

    - I cannot ping from the Fortinet to the USG side

    - IPSec Monitor does not show any traffic when I try to ping from the Fortinet side (I checked the route and the policies several times). It shows traffic when I ping from the USG side.



    - Has anybody configured a working connection between Fortigate and USG?

    - It looks like there is no traffic going to the tunnel. Do I need to add some additional config on the Fortigate besides the tunnel, the route and the policies?


    Thanks for your support!
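The post lists four building blocks (tunnel, static route, blackhole routes, policies) without showing them. The FortiOS CLI sketch below is an added illustration, not the poster's configuration: the interface names ("wan1", "internal"), both subnets, the peer address and the PSK placeholder are assumptions chosen for the example. The two points that decide whether traffic is routed into the tunnel are the phase2 selectors, which must cover the same subnet pair the remote side is configured for, and the policies, which are needed in each direction because a route-based tunnel is an interface of its own.

```fortios
# Added example (not from the thread). Names, addresses and the PSK are placeholders.
config firewall address
    edit "lan-subnet"                       # behind the FortiGate (assumed)
        set subnet 192.168.20.0 255.255.255.0
    next
    edit "usg-subnet"                       # behind the USG (assumed)
        set subnet 192.168.10.0 255.255.255.0
    next
end
config vpn ipsec phase1-interface
    edit "to-usg"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw 203.0.113.10          # USG public IP (documentation address)
        set psksecret PLACEHOLDER_PSK       # must equal the key entered on the USG
    next
end
config vpn ipsec phase2-interface
    edit "to-usg-p2"
        set phase1name "to-usg"
        set proposal aes256-sha256
        set dhgrp 14
        set auto-negotiate enable           # bring the SA up without waiting for traffic
        # Selectors: local and remote subnets must mirror the USG side exactly,
        # otherwise the SA that comes up will not match the packets you send.
        set src-subnet 192.168.20.0 255.255.255.0
        set dst-subnet 192.168.10.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 192.168.10.0 255.255.255.0  # remote subnet via the tunnel interface
        set device "to-usg"
    next
    edit 0
        set dst 192.168.0.0 255.255.0.0     # RFC1918 blackhole, lower priority than the /24 above
        set blackhole enable
        set distance 254
    next
end
config firewall policy
    edit 0
        set name "lan-to-usg"               # outbound: LAN -> tunnel
        set srcintf "internal"
        set dstintf "to-usg"
        set srcaddr "lan-subnet"
        set dstaddr "usg-subnet"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "usg-to-lan"               # inbound: tunnel -> LAN
        set srcintf "to-usg"
        set dstintf "internal"
        set srcaddr "usg-subnet"
        set dstaddr "lan-subnet"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

The blackhole route only makes sense with a distance higher than the tunnel route, so that it catches the remote subnet while the tunnel is down instead of leaking it to the WAN, and never wins while the tunnel route is present.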


  • 2.  RE: VPN works only in one direction

    Posted Nov 28, 2017 04:29 AM

    Hi Hans-Peter,


    > - I can not ping from the Fortinet to the USG side

    Ping from the Fortigate or from a computer behind the Fortigate?


    Did you try #diag sniff packet any '' 4 a to identify if the packet was routed into the tunnel or not?
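The reply's two questions (where the ping originates, and whether the sniffer sees it leave on the tunnel interface) are the right order of checks. The FortiOS CLI sequence below is an added example and not the responder's commands; the addresses and the interface name are the same assumptions as in the sketch after the first post. It narrows the one-directional symptom down to one of three places: no SA for the subnet pair, no route to the tunnel, or no matching policy.

```fortios
# Added example (not from the thread). 192.168.10.1 = a host behind the USG,
# 192.168.20.1 = the FortiGate's own LAN address; both are assumptions.

# 1. Is the SA up, and do its selectors cover the subnet pair you are sending?
diagnose vpn ike gateway list
diagnose vpn tunnel list

# 2. Does the remote subnet resolve to the tunnel interface (and not the blackhole)?
get router info routing-table all

# 3. Trace one packet through routing and policy lookup.
#    "Denied by forward policy check" or a route to the wrong interface shows up here.
diagnose debug flow filter addr 192.168.10.1
diagnose debug flow filter proto 1
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable
#    ... send the ping from a host behind the FortiGate now, then stop tracing:
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset

# 4. Confirm on the wire which interface the ICMP actually leaves on
#    (verbose level 4 prints the interface name on every line).
diagnose sniffer packet any 'host 192.168.10.1 and icmp' 4 0 a

# 5. Pinging from the FortiGate itself: a route-based tunnel interface has no
#    address, so force a source inside the phase2 selector or the packet will
#    typically be sourced from the WAN address and never match the SA.
execute ping-options source 192.168.20.1
execute ping 192.168.10.1
```

If step 4 shows the echo request leaving on "to-usg" but the IPsec monitor still counts nothing, the packet reached the tunnel interface but no SA matched it, which points back to the selectors in step 1; if it leaves on "wan1" instead, the route or policy lookup in steps 2 and 3 is the problem.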