Route Problem - Host Unreachable - Mikrotik x FortiGate VPN

danilowagner · May 3, 2016, 10:24am

Hi Experts!

10.237.100.0/22 ____ (Mikrotik) IPSec VPN (FortiGate) ____ 10.244.0.0/16 ____ MPLS Link ___ host unreachable 10.90.11.42

I’ve tried to solve why the host 10.90.11.42 is unreachable. I think because route, but I don’t know how to solve.

My Mikrotik can ping the FortiGate Ip and all hosts in network 10.244.0.0/16.

Inside network 10.244.0.0/16 the last IP before enter in MPLS link is 10.244.220.90.

How I can connect to 10.90.11.42? I need to add a route in my Mikrotik or in FortiGate?

mrz · May 3, 2016, 1:36pm

Since there are no info about ipsec configuration scenario, there may be 2 options:

if you use ipsec encapsulated tunnel like gre etc, then you need to add routes on all invloved devices, so that target networks are reached from each device.
if you use site to site setup with ipsec policie sin tunnel mode, then you simply need to add another policy to 10.90.11.x network on both ipsec routers.

Devices behind fortigate must have routes to reach 10.237.100.0/22 network.