question

joelbrammer avatar image
0 Likes"
joelbrammer asked

IPSec Site to site tunnel receiving no return traffic

While trying to create a site-to-site IPSec VPN tunnel. We can see the initial Phase 1 traffic leaving the fortigate unit, but the response doesn't seem to be received by the Fortigate. The remote side is correctly sending the response as we can see this in the firewall above the Fortigate (the Fortigate is behind NAT)

Is there any configuration required on the Fortigate firewall to allow IPsec traffic through?

VPNIPsec
10 |600
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

1 Answer

·
ldhillon avatar image
0 Likes"
ldhillon answered

Hello Joel,

Some times the upstream devices doesn't allow inbound port 500 Traffic.
I would suggest running sniffer on the upstream device to see if its forwarding the reply 500 traffic to FortiGate. Until unless we receive the traffic nothing much can be done on the FortiGate itself.

With regards,

Lovepreet Singh Dhillon



Click to up vote 0 Likes
10 |600
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Welcome to FortiAnswers

FortiAnswers is the space dedicated to FortiSASE and FortiOS questions and suggestions.

  • Please review the Community guidelines
  • If you are a moderator, please refer to the Moderation guidelines
  • If something in the above guidelines is unclear, please post your question to the Community Feedback space or the Moderators' space