
Problem between Fortigate 30E and Huawei S5335

Created: Nov 29, 2021 13:17:05 | Latest reply: Nov 29, 2021 13:39:17
  Rewarded HiCoins: 0 (problem resolved)

Hello all, I have an IPsec solution using tunneling with two FortiGates. My problem is that when we try to reach the Huawei S5335 in a specific VLAN, this switch responds to the ICMP packets, but I don't know what happens because the packets don't cross the IPsec tunnel. I'll try to explain the scenario:


  1. IPsec tunnel.

  2. At place A I have a PC connected to FortiGate A.

  3. At place B I have an S5335 switch connected to FortiGate B.

  4. I can reach all the devices connected to the S5335, but I can't reach the management IP of the S5335 (the static route is configured).


Featured Answers

Recommended answer

chenhui
Admin Created Nov 29, 2021 13:39:17

Hi,

Do you mean the scenario below? That PC A can reach PC B through the IPSec VPN, but cannot reach the S5335 management IP.

If yes, please check the IPSec VPN configuration on the Fortigate, whether the management address is included in the encrypted traffic list.

[Image: topo]



doblev Created Dec 3, 2021 10:50:45
Hi, yes, this is the scenario; however, the IP is not the problem. We tested with different IPs and the results are the same.

chenhui Reply doblev Created Dec 4, 2021 02:13:21
No, I mean the management IP address should be included in the encryption traffic that is transmitted in the IPSec.

doblev Reply chenhui Created Dec 7, 2021 12:13:35
Hi Chen, all the IPs are included. For example, the network is 192.168.1.0/24; we can reach all the IPs of this range, only the IP that we use on the Huawei switch is not reachable. For example, we have a Cisco switch with the IP 192.168.1.253 and we can reach this switch. Is it possible that the Huawei switch sends the packet including additional information and the FortiGate blocks these packets? Additionally, we can see that the switch sends the response to the FortiGate and the packets die in the IPsec int.

chenhui Reply doblev Created Dec 8, 2021 09:51:49
Have you configured the static route on the switch?
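
The check suggested in the answer above (whether the management address falls inside the traffic the tunnel encrypts) can be modelled as follows. This is an added example, not part of the original thread and not FortiGate tooling; the site A subnet, the PC address and the management-VLAN address are constructed, and phase 2 selectors are modelled simply as (local, remote) subnet pairs.

```python
import ipaddress as ip

# Site B subnet and the Cisco switch address come from the thread; everything
# else (site A subnet, PC address, management-VLAN address) is constructed.
SITE_A, SITE_B = "10.10.10.0/24", "192.168.1.0/24"
SEL_A = [(SITE_A, SITE_B)]        # FortiGate A: (local, remote) selectors
SEL_B = [(SITE_B, SITE_A)]        # FortiGate B: should mirror FortiGate A
PC_A = "10.10.10.20"
CISCO_SWITCH = "192.168.1.253"
MGMT_OTHER_VLAN = "192.168.99.2"  # hypothetical management address in another VLAN


def covers(selectors, src, dst):
    """True if a packet src -> dst leaving this gateway matches a selector."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in ip.ip_network(local) and d in ip.ip_network(remote)
               for local, remote in selectors)


def mirrored(sel_a, sel_b):
    """Selectors on the two peers must be mirror images of each other."""
    def norm(sels):
        return {(ip.ip_network(l), ip.ip_network(r)) for l, r in sels}
    return norm(sel_a) == {(r, l) for l, r in norm(sel_b)}


def check_flow(sel_a, sel_b, host_a, host_b):
    """Check the request (A -> B) and the reply (B -> A) separately.

    The reply is matched on the source address the device actually answers
    from, so a switch replying from an uncovered address fails at gateway B
    even when the hosts behind it work.
    """
    return {
        "request_matches_A": covers(sel_a, host_a, host_b),
        "reply_matches_B": covers(sel_b, host_b, host_a),
    }


if __name__ == "__main__":
    print("selectors mirrored:", mirrored(SEL_A, SEL_B))
    for target in (CISCO_SWITCH, MGMT_OTHER_VLAN):
        print(target, check_flow(SEL_A, SEL_B, PC_A, target))
```
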