I have a frustrating VPN situation, where 90% of it works except the last hop.
Overall situation:
Remote site: Fortigate VPN gateway, and VM
EC2 site: Fortigate AMI, and VM
For EC2, the FortiGate AMI and the test VM are in the same region (us-west2a), same VPC, same subnet
Does not work:
- ping end-to-end VM to VM
- AWS fortigate ping to AWS VM
DOES work:
- Remote fortigate ping AWS fortigate
- Remote VM ping AWS fortigate
- AWS VM ping AWS fortigate
- AWS secondary VM ping AWS VM
PACKET TRACES:
Pinging from the AWS VM to a remote site IP does not show up in the AWS FortiGate packet capture.
Because of the last bit, I would presume that I'm missing something at the AWS routing level.
But.. I went to VPC, created a routing table, specifically associated it with the subnet the VM and FortiGate are on, and added a route for the remote site's subnet through the FortiGate instance.
The VPC network acls are (allow all) as well.
So.. I'm lost. Can someone suggest anything else for me to check?
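The routing-level checks the post describes (subnet route-table association, a route for the remote subnet targeting the FortiGate instance) can be verified from the JSON that `aws ec2 describe-route-tables` and `aws ec2 describe-instances` return. The script below is an added example, not the poster's configuration; it works offline on constructed sample data, and every subnet, instance and route-table ID in it is a placeholder. Beyond what the post mentions, it also checks the instance's `SourceDestCheck` attribute, which EC2 requires to be disabled on any instance that forwards traffic for other addresses (a packet sent to the FortiGate instance for a non-local destination is otherwise dropped before the instance ever sees it, which matches a capture that shows nothing arriving).

```python
"""Offline sanity checks for routing a VPC subnet through an EC2 instance.

Functions operate on the dict shapes returned by the EC2 API
(describe_route_tables -> "RouteTables", describe_instances -> "Instances").
All sample data below is constructed; IDs and CIDRs are placeholders.
"""

REMOTE_CIDR = "10.99.0.0/16"              # placeholder: remote site's subnet
SUBNET_ID = "subnet-0placeholder"         # placeholder: subnet shared by VM and FortiGate
FORTIGATE_ID = "i-0fortigateplaceholder"  # placeholder: FortiGate instance ID


def route_table_for_subnet(route_tables, subnet_id):
    """Return the route table explicitly associated with subnet_id, or None.
    A subnet without an explicit association uses the VPC main table."""
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
    return None


def main_route_table(route_tables):
    """Return the VPC main route table (association flagged Main), or None."""
    for table in route_tables:
        if any(a.get("Main") for a in table.get("Associations", [])):
            return table
    return None


def route_for(table, dest_cidr):
    """Return the route entry whose destination is exactly dest_cidr, or None."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == dest_cidr:
            return route
    return None


def source_dest_check_enabled(instances, instance_id):
    """True/False for the instance's SourceDestCheck attribute; None if not found.
    EC2 defaults this to True, which blocks forwarding through the instance."""
    for inst in instances:
        if inst.get("InstanceId") == instance_id:
            return bool(inst.get("SourceDestCheck", True))
    return None


def diagnose(route_tables, instances, subnet_id, remote_cidr, gateway_instance_id):
    """Return a list of findings; an empty list means the routing pieces line up."""
    findings = []
    table = route_table_for_subnet(route_tables, subnet_id)
    if table is None:
        findings.append(f"no explicit association for {subnet_id}; VPC main table applies")
        table = main_route_table(route_tables)
    if table is None:
        findings.append("no route table found at all")
        return findings
    route = route_for(table, remote_cidr)
    if route is None:
        findings.append(f"{table['RouteTableId']} has no route for {remote_cidr}")
    elif route.get("InstanceId") != gateway_instance_id:
        target = route.get("InstanceId") or route.get("GatewayId") or "unknown target"
        findings.append(f"route for {remote_cidr} targets {target}, not {gateway_instance_id}")
    elif route.get("State") != "active":
        findings.append(f"route for {remote_cidr} is {route.get('State')}, not active")
    sdc = source_dest_check_enabled(instances, gateway_instance_id)
    if sdc is None:
        findings.append(f"{gateway_instance_id} not found in describe-instances output")
    elif sdc:
        findings.append(f"{gateway_instance_id} has source/dest check enabled; EC2 drops forwarded packets")
    return findings


# Constructed sample: the subnet's table does route the remote CIDR to the FortiGate,
# but the FortiGate instance still has the default SourceDestCheck=True.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-0custom",
     "Associations": [{"Main": False, "SubnetId": SUBNET_ID}],
     "Routes": [
         {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": REMOTE_CIDR, "InstanceId": FORTIGATE_ID, "State": "active"},
     ]},
]
SAMPLE_INSTANCES = [{"InstanceId": FORTIGATE_ID, "SourceDestCheck": True}]


if __name__ == "__main__":
    # Offline run on the constructed data; swap in live API output via boto3 if installed
    # (assumption: credentials and region come from the usual environment).
    route_tables, instances = SAMPLE_ROUTE_TABLES, SAMPLE_INSTANCES
    try:
        import boto3  # optional; not required for the offline demonstration
        ec2 = boto3.client("ec2")
        route_tables = ec2.describe_route_tables()["RouteTables"]
        instances = [i for r in ec2.describe_instances()["Reservations"] for i in r["Instances"]]
    except Exception:
        pass
    for finding in diagnose(route_tables, instances, SUBNET_ID, REMOTE_CIDR, FORTIGATE_ID) or ["no routing findings"]:
        print(finding)
```

Run it as-is to see the findings for the constructed data; with boto3 and credentials present it evaluates the live VPC instead. Network ACLs and the FortiGate's own policies are outside what this checks.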