Hello experts. I have a FortiGate 110C and a Cisco 1721 which have a successful IPSEC site-to-site tunnel connected. The FortiGate is the "server/host" and the 1721 is the branch office.
Communication from the Internal port on the 1721 to the Internal port on the FortiGate passes successfully. I can RDP, ping, browse shares, etc. from the 1721 to the FortiGate. However, if I try to ping www.google.com from an internal client on the 1721 I can see that the ping resolves www.google.com to an IP, but there is no reply.
Also, I cannot RDP, ping, browse or otherwise connect to the 1721 from the FortiGate's Internal network. For those who are visual learners, this is what is happening:
10.10.10.0 0.0.0.255 -----> 10.10.0.0 0.0.255.255 works great
10.10.0.0 0.0.255.255 -----> 10.10.10.0 0.0.0.255 not so great
Is this an ACL problem on the 1721 or is this a firewall policy (the FortiGate's version of an ACL) on the FortiGate?
I have a 1841 connected to the FortiGate with identical configs and it works great with no problems, which tells me that there could be something on the 1721's end. It could be the FortiGate too I guess, but that setup is identical for both devices as I have them grouped with the same settings, etc.