Created on 04-21-2015 10:54 PM Edited on 03-25-2022 10:20 AM By Anonymous
Description
Scope
Network Diagram
Solution
Trace route results:-
PING from client side:-
9.059806 port3 in 10.128.0.150 -> 10.137.0.158: icmp: echo request
9.059820 gre_tunnel out 10.128.0.150 -> 10.137.0.158: icmp: echo request
9.061283 gre_tunnel in 10.137.0.158 -> 10.128.0.150: icmp: echo reply
9.061553 port3 out 10.137.0.158 -> 10.128.0.150: icmp: echo reply
6.468882 gre_tunnel in 10.128.0.150 -> 10.137.0.158: icmp: echo request
6.469199 dmz out 10.128.0.150 -> 10.137.0.158: icmp: echo request
6.469564 dmz in 10.137.0.158 -> 10.128.0.150: icmp: echo reply
6.469707 gre_tunnel out 10.137.0.158 -> 10.128.0.150: icmp: echo reply
Routing table:-
C 10.128.0.0/23 is directly connected, port3
S 10.137.0.0/23 [10/0] via 81.137.0.1, gre_tunnel
C 81.128.0.1/32 is directly connected, gre_tunnel
C 81.137.0.1/32 is directly connected, gre_tunnel
C 172.128.0.1/32 is directly connected, ipsec_ph1
C 172.137.0.1/32 is directly connected, ipsec_ph1
C 192.168.16.0/24 is directly connected, wan1
C 192.168.16.128/32 is directly connected, lo1
S 192.168.16.137/32 [10/0] via 192.168.16.130, wan1
IPsec tunnel info:-
name=ipsec_ph1 ver=1 serial=1 192.168.16.128:0->192.168.16.137:0 lgwy=static tun=intf mode=auto bound_if=0
proxyid_num=1 child_num=0 refcnt=11 ilast=11576 olast=5
stat: rxp=22956 txp=14428 rxb=16279320 txb=2480008
dpd: mode=off on=0 idle=5000ms retry=3 count=0 seqno=0
natt: mode=none draft=0 interval=0 remote_port=0
proxyid=ipsec_ph2 proto=47 sa=1 ref=2 auto_negotiate=1 serial=2
src: 47:0.0.0.0/0.0.0.0:0
dst: 47:0.0.0.0/0.0.0.0:0
SA: ref=6 options=0000002d type=00 soft=0 mtu=1436 expire=31645 replaywin=0 seqno=385d
life: type=01 bytes=0/0 timeout=43149/43200
dec: spi=b1624968 esp=3des key=24 d62bae210f7376e3bac04446acc8a9f931e861ff1d730fa6
ah=sha1 key=20 4e70a4b0202baa45f8cf214cb01286757b85759f
enc: spi=edb15dc7 esp=3des key=24 701c98ff3186ed547b00fe2e24b870c3a377cb6ac2559960
ah=sha1 key=20 ccc18daba93f1031a7540a8b440788bc3abc65c5
dec:pkts/bytes=22956/15063764, enc:pkts/bytes=14428/3257016
npu_flag=00 npu_rgwy=192.168.16.137 npu_lgwy=192.168.16.128 npu_selid=1
PING from server side:-
2.567025 dmz in 10.137.0.158 -> 10.128.0.150: icmp: echo request
2.567233 gre_tunnel out 10.137.0.158 -> 10.128.0.150: icmp: echo request
2.568621 gre_tunnel in 10.128.0.150 -> 10.137.0.158: icmp: echo reply
2.568859 dmz out 10.128.0.150 -> 10.137.0.158: icmp: echo reply
5.652083 gre_tunnel in 10.137.0.158 -> 10.128.0.150: icmp: echo request
5.652362 port3 out 10.137.0.158 -> 10.128.0.150: icmp: echo request
5.652819 port3 in 10.128.0.150 -> 10.137.0.158: icmp: echo reply
5.652827 gre_tunnel out 10.128.0.150 -> 10.137.0.158: icmp: echo reply
Routing table:-
S 10.128.0.0/23 [10/0] via 81.128.0.1, gre_tunnel
C 10.137.0.0/23 is directly connected, dmz
C 81.128.0.1/32 is directly connected, gre_tunnel
C 81.137.0.1/32 is directly connected, gre_tunnel
C 172.128.0.1/32 is directly connected, ipsec_ph1
C 172.137.0.1/32 is directly connected, ipsec_ph1
C 192.168.16.0/24 is directly connected, wan1
S 192.168.16.128/32 [10/0] via 192.168.16.112, wan1
C 192.168.16.137/32 is directly connected, lo1
IPsec tunnel info:-
name=ipsec_ph1 ver=1 serial=1 192.168.16.137:0->192.168.16.128:0 lgwy=static tun=intf mode=auto bound_if=0
proxyid_num=1 child_num=0 refcnt=11 ilast=11645 olast=3
stat: rxp=14524 txp=23116 rxb=3279160 txb=15174980
dpd: mode=off on=0 idle=5000ms retry=3 count=0 seqno=0
natt: mode=none draft=0 interval=0 remote_port=0
proxyid=ipsec_ph2 proto=47 sa=1 ref=2 serial=1 auto-negotiate
src: 47:0.0.0.0/0.0.0.0:0
dst: 47:0.0.0.0/0.0.0.0:0
SA: ref=6 options=0000002d type=00 soft=0 mtu=1446 expire=31604/0B replaywin=0 seqno=5a4d
life: type=01 bytes=0/0 timeout=43177/43200
dec: spi=edb15dc7 esp=3des key=24 701c98ff3186ed547b00fe2e24b870c3a377cb6ac2559960
ah=sha1 key=20 ccc18daba93f1031a7540a8b440788bc3abc65c5
enc: spi=b1624968 esp=3des key=24 d62bae210f7376e3bac04446acc8a9f931e861ff1d730fa6
ah=sha1 key=20 4e70a4b0202baa45f8cf214cb01286757b85759f
dec:pkts/bytes=14524/2496984, enc:pkts/bytes=23116/16399000
npu_flag=00 npu_rgwy=192.168.16.128 npu_lgwy=192.168.16.137 npu_selid=0
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.