I am trying to configure a site-to-site IPSec tunnel connection. I can see that both sites are established (showing in the PH2 State).
Here is the environment:
HQ-A:
Subnet: 192.168.40.0
MK router (RBLtAP-2HnD): 192.168.40.1 (Bridge)
Bridge: ether1 and wlan1
There is a PC connected to ether1 with IP 192.168.40.79
There is a USB LTE modem with static IP connected to USB port. In the interfaces, it shows as lte2.
Firewall-1: Chain: srcnat, src addr: 172.100.40.0/24, dst addr: 192.168.40.0/24, Action: Accept
Firewall-2: Chain: srcnat, Out interface: lte2, Action: Masquerade
HQ-B:
Subnet: 172.100.40.0
Fortinet router (Forti-60E): 172.100.40.1
There is a PC connected to the router: 172.100.40.211
I can see from both sites that the IPSec tunnel is connected.
- From the MK router (192.168.40.1), it can ping the remote gateway (172.100.40.1) and the PC (172.100.40.211) behind the router.
- The PC (192.168.40.79) can ping the remote gateway 172.100.40.1 and 172.100.40.211.
- From the Forti-60E router (172.100.40.1), it can ping the remote gateway (192.168.40.1), but it cannot ping the PC (192.168.40.79).
- The PC (172.100.40.211) behind the Forti-60E router can ping the router (192.168.40.1), but it cannot ping the PC (192.168.40.79).
At the moment, the PC 172.100.40.211 cannot access 192.168.40.79.
Is there a live view to see incoming packets from 172.100.40.0, port 500?
Please let me know what I need to do.
Thanks,
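As an added example that is not part of the post above, the RouterOS commands below show how to watch IKE/IPsec packets arriving on the LTE interface in real time, and the form of the IPsec NAT-bypass rule as given in MikroTik's own site-to-site documentation (local subnet as source, remote subnet as destination, placed above the masquerade rule). The interface name lte2 and the subnets come from the post; the rule comment strings and the assumption that the IPsec policy is already in place are mine.

```routeros
# --- Live view of tunnel traffic reaching the WAN side ---
# Quick packet sniffer on the LTE interface, filtered to IKE (UDP/500)
# and NAT-T (UDP/4500). Press Ctrl-C (or "q" in WinBox) to stop.
/tool sniffer quick interface=lte2 port=500,4500

# Same filter restricted to the remote site's public/outer peer
# (replace REMOTE_PEER_IP with the Forti-60E's WAN address; placeholder).
/tool sniffer quick interface=lte2 ip-address=REMOTE_PEER_IP port=500,4500

# Torch shows per-flow throughput on the interface, useful to see whether
# ESP (protocol 50) or encapsulated UDP/4500 is actually flowing.
/tool torch interface=lte2 protocol=any port=any src-address=0.0.0.0/0 dst-address=0.0.0.0/0

# Confirm the policy counters move when 172.100.40.211 pings 192.168.40.79
/ip ipsec policy print stats
/ip ipsec active-peers print

# --- NAT bypass rule in the documented direction ---
# Traffic from the local LAN to the remote LAN must skip masquerade so the
# IPsec policy can match it; this rule goes before the lte2 masquerade rule.
/ip firewall nat add chain=srcnat action=accept \
    src-address=192.168.40.0/24 dst-address=172.100.40.0/24 \
    place-before=0 comment="IPsec bypass: LAN-A -> LAN-B"

# Verify ordering: the accept rule must be listed above the masquerade rule.
/ip firewall nat print
```

If the sniffer shows UDP/500 and 4500 arriving but the policy counters do not increase for pings toward 192.168.40.79, the drop is happening after decryption (filter rules or the host firewall on 192.168.40.79), not in the tunnel itself.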