Hi,

I have created a lan to lan vpn between a draytek 2830 and a fortinet 80c. The VPN is working but I am only able to pass traffic from the draytek side.


DrayTek (172.22.2.0/16)

---

VPN

---

Fortinet (192.168.0.0/16).

When I try to connect/ping devices on the draytek side, the traffic appears to be blocked by the draytek device. (firewall, I think).

Do I need to add some rules to the firewall filter to allow traffic to pass from 192.168.0.0/16 to 172.22.2.0/24. If so does any one have an example.

I have tried to a them to the default data filter. But they appear not be to working.

Would they to classed a WAN to LAN/RT/VPN or LAN/RT/VPN to LAN/RT/VPN, etc

Regards Damien

ONce the VPN is up it should pass traffic in both directions.
Ive never done them with a FORINET but have many to Chekcpoint, CISCO and Juniper Netscreen Devices and have never needed to put in Firewall Rules to allow the traffic.

Whats the defaul Rule on your 2830 Firewall, is it PASS or BLOCK?

Well first of all, can you post your routing table from both devices and star out part of your public ip addresses.

Secondly I notice you state that the DrayTek is on a class B network 172.22.2.0/16 and the fortinet is on a class C network of 192.168.0.0/16 but a /16 is not a correct subnet for a class C network it should be a /24

You then go on to say do you need to add some firewall rules and confuse the DrayTek class B /16 subnet as a /24.

I would therefore go back to your VPN settings on both networks to make sure that in the settings the remote network of the DrayTek device shows a 192.168.0.0/24 network and that on the fortinet that it shows the remote network as 172.22.2.0/16 network.

If these networks are not setup correctly on both devices then that would cause the issues you are experiencing as both devices would not be forwarding packets to the correct network subsets at the remote ends regardless of the VPN establishing correctly.

Hope that helps, but hard to diagnose without further information.