VPN works only in one direction

  • 1.  VPN works only in one direction

    Posted 11-14-2017 04:23

    Hello

    I have a question about VPN settings on a Fortigate 60D.

     

    Basics:

    - Two locations with separate local networks

    - Location 1: Ubiquiti Unifi USG with public IP

    - Location 2: Fortigate 60D with latest Firmware and public IP

    - VPN is set up with a preshared key

    - Static route (sending the remote subnet to the tunnel interface) and Firewall-Policies (from and to the local and the tunnel interface with the relevant subnets) created on the Fortinet

    - Added the requested blackhole routes (RFC1918)

    - No additional configuration on the USG

     

    Result:

    - Fortinet shows the tunnel as UP / No Errors in the Log

    - The USG shows 0 Zone to Zone VPNs

    - I can ping from the USG side to the Fortigate side

    - I cannot ping from the Fortinet to the USG side

    - IPSec Monitor does not show any traffic when I try to ping from the Fortinet side (I checked the Route and the Policies several times). It shows traffic when I ping from the USG side.

     

    Questions:

    - Has anybody configured a working connection between Fortigate and USG?

    - It looks like there is no traffic going to the tunnel. Do I need to add some additional config on the Fortigate besides the Tunnel, the route and the policies?

     

    Thanks for your support!

    Hans-Peter



  • 2.  RE: VPN works only in one direction

    Posted 11-28-2017 04:29

    Hi Hans-Peter,

     

    > - I can not ping from the Fortinet to the USG side

    Ping from the Fortigate or from a computer behind the Fortigate?

     

    Did you try #diag sniff packet any '' 4 a to identify whether the packet was routed into the tunnel or not?

     

    thanks

    Jochen