Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IPSEC tunnel is up but no traffic from one end

kishan
Getting noticed
‎Jun 29 2021 5:55 PM
‎Jun 29 2021 5:55 PM

IPSEC tunnel is up but no traffic from one end

One side is Meraki MX68W and other side is FortiGate. 

 

Configured IKE V2 and phase 1&2 both up, tunnel is up. Traffic can be send from fortigate but it received nothing.

 

Checked  Private subnets and all configurations, but no luck 

 

from Meraki I can able to ping Fortigate's public ip but not lcoal private subnet.
From Fortigate he can able to ping my private subnet but not receiving back.

 

 

anyone able to help or suggest?

 

0 Kudos
Subscribe
4 Replies 4
Inderdeep
Kind of a big deal
Kind of a big deal
‎Jun 29 2021 6:40 PM
‎Jun 29 2021 6:40 PM

@kishan : Can you check the below thread if it helps 

https://community.meraki.com/t5/Security-SD-WAN/Fortigate-to-Meraki-IPsec-traffic-only-going-one-way...

 

 

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
Subscribe
In response to Inderdeep
kishan
Getting noticed
‎Jun 29 2021 7:57 PM
‎Jun 29 2021 7:57 PM

Traffic can be sent from Fortigat e to MX but on MX  i can not see anything and on Fortigate nothing received from MX.

 

From both end only able to ping PUB IP not LAN subnets, however Tunnel is up 

 

@Inderdeep 

0 Kudos
Subscribe
In response to kishan
Bruce
Kind of a big deal
‎Jun 29 2021 8:30 PM
‎Jun 29 2021 8:30 PM

@kishan there’s not much you can do on the Meraki end if the tunnel is up - there is the Site-to-site Outbound VPN firewall, but by default this allows all. Maybe post relevant parts of your FortiGate configuration and community members might be able to spot something.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jun 30 2021 1:12 PM
‎Jun 30 2021 1:12 PM

I don't know the answer.  I recall people talking about disabling NAT-T on the Fortigate side before.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.