Hi everyone, I’m having trouble getting the IPsec split tunnel (or LAN to LAN) with a FortiGate device working. I’ve tried playing with settings on NAT and static routing, but even though the IPsec status shows that the tunnel is established, I can’t ping the other side’s LAN.
Here are the steps I’ve taken so far:
Configured the IPsec tunnel on both sides.
Defined a static route on the client to the remote LAN.
Verified that the IPsec tunnel is running (using IPsec status from routers CLI).
Tried to ping the remote LAN IP address, but the ping failed (I tried from the Teltonika CLI and from a PC connected to it, and both failed). It seems I just can’t get any traffic through.
Any guidance on troubleshooting would be appreciated
You mention that IPsec status shows that the tunnel is established. Could you please clarify if it is only phase 1, or whether the CHILD_SA is also established (phase 2, so that user data can flow)?
Could you also check if pings fail from FortiGate side as well?
Maybe it would be possible for you to run tcpdump on one of the devices to see if there is any traffic coming into the device?
We have a general IPsec configuration example on our wiki page here, but since you are using a FortiGate, you can also search for FortiGate topics on our old forum (read-only) here.
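The checks the reply above suggests (is it phase 1 only or is a CHILD_SA installed, and does the traffic you are pinging with actually fall inside the negotiated selectors) can be scripted. The script below is an added example written for this page, not code from the thread or from Teltonika; it assumes strongSwan's `ipsec statusall` output format, and the connection name `fortigate` and every address in it are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original thread: classify a strongSwan
# "ipsec statusall" dump as phase-1-only vs. phase-2-up, and check whether
# the addresses you are pinging fall inside the negotiated traffic selectors.
# The connection name "fortigate" and every address below are constructed
# sample values; the output format assumed is strongSwan's.

# Constructed sample: IKE SA established AND a CHILD_SA installed.
SAMPLE_PHASE2_UP='Security Associations (1 up, 0 connecting):
  fortigate[3]: ESTABLISHED 12 minutes ago, 203.0.113.10[203.0.113.10]...198.51.100.5[198.51.100.5]
  fortigate[3]: IKEv2 SPIs: 1a2b3c4d5e6f7a8b_i* 8b7a6f5e4d3c2b1a_r, pre-shared key reauthentication in 2 hours
  fortigate{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: c1a2b3d4_i e5f6a7b8_o
  fortigate{1}:   192.168.1.0/24 === 10.0.0.0/24'

# Constructed sample: only phase 1 completed, no CHILD_SA, so no user data flows.
SAMPLE_PHASE1_ONLY='Security Associations (1 up, 0 connecting):
  fortigate[3]: ESTABLISHED 12 minutes ago, 203.0.113.10[203.0.113.10]...198.51.100.5[198.51.100.5]
  fortigate[3]: IKEv2 SPIs: 1a2b3c4d5e6f7a8b_i* 8b7a6f5e4d3c2b1a_r, pre-shared key reauthentication in 2 hours'

# sa_state <connection name> <status text>  -> prints none | phase1 | phase2
# "conn[n]: ESTABLISHED" is the IKE SA (phase 1);
# "conn{n}: INSTALLED"   is a CHILD_SA (phase 2).
sa_state() {
    conn="$1"; status="$2"
    if printf '%s\n' "$status" | grep -q "^ *$conn{[0-9]*}: *INSTALLED"; then
        echo phase2
    elif printf '%s\n' "$status" | grep -q "^ *$conn\[[0-9]*\]: *ESTABLISHED"; then
        echo phase1
    else
        echo none
    fi
}

# traffic_selectors <connection name> <status text>
# Prints one "local_cidr remote_cidr" pair per line from the "A === B" lines.
traffic_selectors() {
    conn="$1"; status="$2"
    printf '%s\n' "$status" | awk -v c="$conn" '
        index($1, c "{") == 1 && $3 == "===" { print $2, $4 }'
}

# in_cidr <ip> <cidr>  -> exit 0 if ip is inside cidr (IPv4, plain awk arithmetic)
in_cidr() {
    awk -v ip="$1" -v cidr="$2" '
        function toint(a,  p) { split(a, p, "."); return ((p[1]*256+p[2])*256+p[3])*256+p[4] }
        BEGIN {
            split(cidr, c, "/"); div = 2 ^ (32 - c[2])
            exit !(int(toint(ip)/div) == int(toint(c[1])/div))
        }'
}

# ping_covered <conn> <status text> <src ip> <dst ip>
# exit 0 if some CHILD_SA selector pair covers src -> dst, else 1
ping_covered() {
    conn="$1"; status="$2"; src="$3"; dst="$4"
    traffic_selectors "$conn" "$status" | {
        while read -r lnet rnet; do
            if in_cidr "$src" "$lnet" && in_cidr "$dst" "$rnet"; then exit 0; fi
        done
        exit 1
    }
}

# diagnose <conn> <status text> <ping source ip> <ping destination ip>
# Prints a one-line verdict; always returns 0 so it is safe in scripts.
diagnose() {
    case "$(sa_state "$1" "$2")" in
        none)   echo "no IKE SA: phase 1 never completed, check peer address, PSK and IKE proposals" ;;
        phase1) echo "IKE SA up but no CHILD_SA: phase 2 (traffic selectors / ESP proposals) is failing" ;;
        phase2)
            if ping_covered "$1" "$2" "$3" "$4"; then
                echo "CHILD_SA covers $3 -> $4: tunnel is fine, look at routing, firewall and NAT (tcpdump -ni any esp)"
            else
                echo "CHILD_SA up but $3 -> $4 is outside its traffic selectors: fix the local/remote subnets or the ping source"
            fi ;;
    esac
}

# Demo on the constructed samples; on the router, feed live output instead:
#   diagnose fortigate "$(ipsec statusall)" 192.168.1.1 10.0.0.1
diagnose fortigate "$SAMPLE_PHASE1_ONLY" 192.168.1.1 10.0.0.1
diagnose fortigate "$SAMPLE_PHASE2_UP" 203.0.113.10 10.0.0.1
diagnose fortigate "$SAMPLE_PHASE2_UP" 192.168.1.1 10.0.0.1
```

The second demo line reproduces the "ping from the router CLI fails" case: without a source address the router sends the ping from its WAN address, which is outside the local selector, so the packet never enters the tunnel even though phase 2 is up. Pin the source to the LAN address instead (`ping -I 192.168.1.1 10.0.0.1` with the sample values), and only then is a failed ping evidence of a routing, firewall or NAT problem.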
Thank you for the reply. It ended up being a problem with the FortiGate config, which we do not control, and they ended up fixing it.