Hi everyone,
I have the following situation with a classic VPN tunnel:
I have a VPN tunnel with a Fortigate 500e (on-premise), using the Cloud VPN service.
At both ends, the IP ranges are configured with policy-based routing. But the tunnel can only route traffic to a single IP range of the two remote IP ranges configured.
Both the local and the remote IP ranges are configured similarly.
This is the log with the error:
"textPayload": "Warning: Remote traffic selectors narrowed for Child SA: vpn_xxxxxxx. Configured TS: [10.114.27.18/32 10.114.27.22/32 ], negotiated TS:[10.114.27.18/32 ]. Please verify configuration on the remote side."
Hi,
I have found a similar scenario to this concern at this link[1], which mentions that this indicates that the traffic selector is configured differently on both sides. The link suggests unifying the TS configuration on both GCP and on-prem, and advises recreating the tunnel if necessary.
I have also found tutorials on YouTube[2][3] for a site-to-site connection using Classic VPN and FortiGate (on-prem) that might help us with this concern. There is also a part of the video where the connection is tested on both sides.
[1] https://serverfault.com/questions/1049148/google-classic-vpn-stopped-working-after-an-outage
[2] https://www.youtube.com/watch?v=QWsd0qcZdgA
[3] https://www.youtube.com/watch?v=czP6S0RcXpc
Hi, any advice on what solved the problem? I’m facing the same issue but the links didn’t help us.
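An added example, not part of any post in this thread and not Google's or Fortinet's code: a small Python parser for the warning quoted in the first post that reports which configured traffic selectors are not fully covered by the negotiated ones, so the missing ranges can be compared against the peer's Phase 2 selectors. The function and constant names are made up for illustration, and the second sample line is constructed.

```python
import ipaddress
import re

# Matches the "selectors narrowed" warning text quoted in the thread.
NARROWED_RE = re.compile(
    r"traffic selectors narrowed for Child SA: (?P<sa>\S+?)\.\s*"
    r"Configured TS:\s*\[(?P<configured>[^\]]*)\],\s*"
    r"negotiated TS:\s*\[(?P<negotiated>[^\]]*)\]"
)

# Log text from the first post (tunnel name is redacted there as well).
PAGE_LINE = (
    "Warning: Remote traffic selectors narrowed for Child SA: vpn_xxxxxxx. "
    "Configured TS: [10.114.27.18/32 10.114.27.22/32 ], "
    "negotiated TS:[10.114.27.18/32 ]. "
    "Please verify configuration on the remote side."
)
# Constructed sample: the peer narrowed a /16 to a /24 and dropped a second range.
CONSTRUCTED_LINE = (
    "Warning: Remote traffic selectors narrowed for Child SA: vpn_example. "
    "Configured TS: [10.20.0.0/16 10.30.0.0/24 ], negotiated TS:[10.20.5.0/24 ]."
)


def _parse_ts(field):
    """Turn '10.0.0.1/32 10.0.0.2/32 ' into a list of ip_network objects."""
    return [ipaddress.ip_network(tok, strict=False) for tok in field.split()]


def dropped_selectors(text_payload):
    """Return (child_sa, configured ranges not fully covered by a negotiated
    range), or None when the line is not a narrowing warning."""
    m = NARROWED_RE.search(text_payload)
    if m is None:
        return None
    configured = _parse_ts(m.group("configured"))
    negotiated = _parse_ts(m.group("negotiated"))
    dropped = [
        c for c in configured
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(c.version == n.version and c.subnet_of(n) for n in negotiated)
    ]
    return m.group("sa"), dropped


if __name__ == "__main__":
    for line in (PAGE_LINE, CONSTRUCTED_LINE):
        sa, dropped = dropped_selectors(line)
        print(sa, "not fully negotiated:", ", ".join(map(str, dropped)))
```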