problem with outbound traffic between mikrotik and fortigate

blackmetal · September 6, 2018, 8:01am

Hello,
we have establish GRE tunnel between a mikrotik and fortigate and we can ping both side of tunnel and we establish bgp over tunnel and announce a /24 to mikrotik now everything is ok and when i do packet capture i see incoming packets from GRE tunnel but they can not reach out from fortigate so in route policy i have add this kind of rule:

FG1 # show router policy
config router policy
edit 2
set input-device “LAN”
set dst “1.2.3.0/255.255.255.0”
set gateway 172.16.206.1
set output-device “GRETUNNEL”
next

but its not working so when my lan users that has 1.2.3.0/24 can not use 172.16.206.1 as next-hop,
any idea how solve this?

and there is another note that when i have add my own static ip in static route for example add 9.8.7.6 as static route that set next-hop 172.16.206.1 from 9.8.7.6 i can reach whole network of 1.2.3.0/24
thanks

eXS · September 6, 2018, 9:16pm

Are you literally using 1.2.3.0/24 ?

blackmetal · September 7, 2018, 2:55am

i hope you do not want just increase your post count 1.2.3.0/24 is sample and just search on forum then you will see many people use these kind of ranges as sample,

sindy · September 7, 2018, 12:32pm

Well, I don’t really need to raise my post count, but I’d ask you to rephrase your OP and provide a diagram with the networks 1.2.3.0/x, 9.8.7.0/y because I’m lost in the directions etc. The last two sentences are quite confusing, a couple of commas at right places might help:

From the mikrotik side, the configuration export and /ip route print would be useful too; on Fortigate side I don’t know what to ask for as I don’t know what are the possibilities.

Anumrak · September 7, 2018, 12:35pm

Why you think that “lan users that has 1.2.3.0/24 can not use 172.16.206.1 as next-hop”?

Maybe your TIK just blocking this traffic on his side?