IPSec Fortigate to pfSense Routing issue

  • This is my first pfSense Setup an i have a strange (for me) problem with the traffic from the fortigate site to the pfSense site.

    I set up a site-to-site tunnel via ipsec, the tunnel is up and i can ping from a client behind the pfSense to a client behind the Fortigate. If i ping from behind the Fortigate to a client behind the pfSense i do not get an answer. A tcpdump at the client behind the pfSense shows that the ping arrives but is coming from the ip, but i dont have any network with this ip. Is the psSense doing any "conversion" with the ip-adresses? The original source (net behind Fortigate) is 192.168.18. I have no idea where the is comming from.
    Does anybody have some suggestions?

  • Solved,
    cause was a false configured policy at the Fortigate. In the policies for (incoming/outgoing) traffic the "NAT" switch was enabled. Why the fortigate choose the ip-adress of the DMZ interface instead the ip of the WAN interface is a mystery to me. So i was wrong when i said i don't have a Network with the IP This IP was configured for an older test scenario but not used anymore and even the interface was not connected.

Log in to reply