


You're on the right track, but you will need to validate the following:

1: is the crypto map ACL defined for traffic to be encrypted
2: do you have no-NAT controls to control NAT of traffic from Cisco > FortiGate
3: are you using specific proxy-id x.x.x./x and not the 0.0.0.0/0:0 on the FortiGate
4: and for the route, make sure you don't have any other routes in the routing table that overlap or conflict with the destination subnet ( issue a CLI cmd show route, and review )
5: lastly, are you 100% sure you don't have any interface access-groups that's not preventing traffic from the remote subnet ( Cisco ) to the local subnet on the FortiGate?

VPN tunnel is up but traffic is not passing through. On the FortiGate I can see outgoing traffic but found request timed out on the PC connected to the FortiGate, and I see decrypted/incoming packets on the CISCO PIX using the show crypto ipsec sa command but no outgoing traffic.

The above to me is a clue that the Cisco may not have a static route in place to send the traffic back to the FGT.

A good guess, but unlike FortiGate/SRX, there's no such thing as a route-based VPN in Cisco ASA.

I completed all of these steps and reconfirmed them all.
