Tunnel IPSec vs Fortigate

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2024-04-02 12:51:33 - last edited 2024-04-03 06:41:46
Tags: #VPN
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.3.1

Hi Guys

I set up an IPSec tunnel between TP-Link Site A and Fortigate Site B.

Phase 1 UP

Phase 2 UP

When I try to reach a host from Site A to Site B, the source IP address is the interface of the WAN port.

In the routing table there isn't a static route to Site B via the IPSec tunnel, and it's impossible to manually add a static route because there isn't an IPSec tunnel as interface destination.

There is no SSH connection to set parameters via CLI.

Any suggestions?

Thank you

#1
8 Reply
Re:Tunnel IPSec vs Fortigate
2024-04-02 14:01:27

  @Marco16 

 

Why a static route? The route is added automatically when the remote LAN is added in the VPN configuration.

But what I have seen is that there can be problems if you select several local networks in the TP-Link VPN configuration; I myself have this problem against the Cisco firewall. If you need several local LANs in the VPN, create several identical VPN tunnels with the same encryption and pre-shared key.
#2
Re:Tunnel IPSec vs Fortigate
2024-04-02 14:05:39

  @MR.S 

In my routing table there isn't any route to Site B.

I have 3 routes:

No route to Site B.

And I have only one subnet in /16.

Site A 172.16.0.0/16

Site B 172.21.0.0/16

#3
Re:Tunnel IPSec vs Fortigate
2024-04-02 14:08:25

  @Marco16 

 

You don't see S2S VPN routing. Can you show a screenshot of your VPN configuration?

 

#4
Re:Tunnel IPSec vs Fortigate
2024-04-02 14:10:42

  @MR.S 

#5
Re:Tunnel IPSec vs Fortigate
2024-04-02 14:14:08


#6
Re:Tunnel IPSec vs Fortigate
2024-04-02 14:17:46

  @Marco16 

 

It looks right. I don't know Fortigate so I can't help there, but if I had a TP-Link, Cisco or UniFi router at the other end, this would have worked.

You should not create a static route on TP-Link; it creates this itself based on the VPN configuration.

#7
Re:Tunnel IPSec vs Fortigate-Solution
2024-04-02 15:06:29 - last edited 2024-04-03 06:41:41

  @MR.S 

Solved the issue. Wrong subnet mask on phase 2.

 

Recommended Solution
#8
Re:Tunnel IPSec vs Fortigate
2024-04-02 15:22:34

  @Marco16 

 

yes

#9
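Added example, not part of any post in this thread: a Python check for the kind of phase 2 subnet mask error reported as the fix. It compares the two peers' phase 2 local/remote networks and shows which packets a given selector would cover. The /24 mask, the host addresses and all function names are assumptions, since the thread does not say which mask was wrong or on which side.

```python
import ipaddress

def selector(local, remote):
    """A phase 2 traffic selector as a (local, remote) pair of networks."""
    # strict=True rejects a prefix with host bits set, e.g. 172.21.0.1/16
    return (ipaddress.ip_network(local, strict=True),
            ipaddress.ip_network(remote, strict=True))

def mirror_mismatches(side_a, side_b):
    """Each peer's local network should be the other peer's remote network."""
    problems = []
    if side_a[0] != side_b[1]:
        problems.append(f"A local {side_a[0]} != B remote {side_b[1]}")
    if side_a[1] != side_b[0]:
        problems.append(f"A remote {side_a[1]} != B local {side_b[0]}")
    return problems

def matches_selector(sel, src, dst):
    """True if a packet src->dst falls inside the selector's networks."""
    return (ipaddress.ip_address(src) in sel[0]
            and ipaddress.ip_address(dst) in sel[1])

# Constructed configurations using the subnets quoted in the thread.
# The /24 on site A's remote network is a hypothetical wrong mask.
SITE_A_BAD = selector("172.16.0.0/16", "172.21.0.0/24")
SITE_A_OK = selector("172.16.0.0/16", "172.21.0.0/16")
SITE_B = selector("172.21.0.0/16", "172.16.0.0/16")

if __name__ == "__main__":
    for name, site_a in (("bad", SITE_A_BAD), ("ok", SITE_A_OK)):
        # Hypothetical hosts: one in site A, one in site B outside 172.21.0.0/24
        print(name, mirror_mismatches(site_a, SITE_B),
              matches_selector(site_a, "172.16.1.10", "172.21.5.20"))
```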