Description
This article describes how to ping remote network connected via IPsec VPN.
Solution
Assume the following scenario:
[ 172.31.128.0/20] ----172.31.128.1 (LAN) 81E-----ipsec vpn --------600C-------[ 172.31.144.0/20]
IPsec VPN is configured in both FortiGate-81E and FortiGate-600C.
For FortiGate-81E, network 172.31.144.0/20 is reachable via VPN and 172.31.128.0/20 is directly connected network.
From FortiGate-81E , if the remote network IP is pinged from CLI directly, ping communication will fail.
FG81EP-2 # execute ping 172.31.147.74
PING 172.31.147.74 (172.31.147.74): 56 data bytes
--- 172.31.147.74 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
In order to the ping the remote IP connect via IPsec VPN, set the source IP for the ping and initiate the ping.
FG81EP-2 # exe ping-options source 172.31.128.1 <----- Source FortiGate-81E’s local network connected interface IP.
FG81EP-2 # exe ping 172.31.147.74
PING 172.31.147.74 (172.31.147.74): 56 data bytes
64 bytes from 172.31.147.74: icmp_seq=0 ttl=255 time=0.5 ms
64 bytes from 172.31.147.74: icmp_seq=1 ttl=255 time=0.5 ms
64 bytes from 172.31.147.74: icmp_seq=2 ttl=255 time=0.3 ms
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.