Debug vpn checkpoint4/11/2023 ![]() Now do pings to bring up the VPN tunnel:įortigate-VPN-100 # exec ping 10.170.15.131. ![]() Configure pings to go with the source interface of LAN of the Fortigate:įortigate-VPN-100 # exec ping-options source 192.168.168.254.With the source IP of internal LAN (if local LAN is part of the encryption domain, or just ask client to do pings from the network in the encryption domain). Now open another ssh session to the same Fortigate and do pings to the IP on the other side of the VPN tunnel I, personally, prefer also to do a sniffer on the tests I run, so:įortigate-VPN-100 # diagnose sniffer packet any 'host 10.170.15.131' ![]() Enable debug messages for specific application, here we are interested in IKE (note the debug level of -1,įollowing logic I enabled first +1, 255 etc and surprisingly had no effect at all ):įortigate-VPN-100 # diag debug app ike -1 ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |