Re: Ping CLI on web panel and SSH does not respond to FG VPN
The commands I put above are to get around the need for routable IPSEC interfaces. So that will work when they are set to the default 0.0.0.0.(the source IP you input being the LAN IP)
If you do want to make them routable it's a matter of assigning them a /32 IP on both ends and simply creating a route so it can get to each other. ie, on site A you assign 10.20.20.10/32 and on site B you assign 10.20.20.60/32. On site A create a route sending 10.20.20.60 across the tunnel, and on site B create a route sending 10.20.20.10 across the tunnel. You may need to add the 'routing subnet' to the phase 2 of the tunnel or simply change the phase 2 to 0.0.0.0/0.0.0.0
This will make it so when the traffic originating from the FortiGate itself going across the tunnel has a valid IP and the other side knows how to return the traffic.