FortiGate
nithincs
Staff
Article Id 195439

Description


This article describes how to ping a remote network connected via IPsec VPN from the FortiGate CLI.

Solution


Assume the following scenario:
                                                          
[172.31.128.0/20] ---- 172.31.128.1 (LAN) 81E ---- IPsec VPN ---- 600C ---- [172.31.144.0/20]

IPsec VPN is configured on both FortiGate-81E and FortiGate-600C.
For FortiGate-81E, network 172.31.144.0/20 is reachable via the VPN and 172.31.128.0/20 is a directly connected network.

If an IP address in the remote network is pinged directly from the FortiGate-81E CLI, the ping will fail.

FG81EP-2 # execute ping 172.31.147.74
PING 172.31.147.74 (172.31.147.74): 56 data bytes

--- 172.31.147.74 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

To ping a remote IP connected via the IPsec VPN, first set the source IP for the ping, then initiate the ping.

FG81EP-2 # exe ping-options source 172.31.128.1    <----- Source: FortiGate-81E’s local network connected interface IP.
FG81EP-2 # exe ping 172.31.147.74
PING 172.31.147.74 (172.31.147.74): 56 data bytes
64 bytes from 172.31.147.74: icmp_seq=0 ttl=255 time=0.5 ms
64 bytes from 172.31.147.74: icmp_seq=1 ttl=255 time=0.5 ms
64 bytes from 172.31.147.74: icmp_seq=2 ttl=255 time=0.3 ms