FortiGate IPSEC vs. Lancom IPSEC

Forum|Forum|7 years ago
May 15, 2019
1 reply
3676 views

Hiho,

maybe someone experienced this and already has some hint for me.

We have an IPSEC tunnel to a third party that worked fine as long as the corresponding WAN on my FGT was pppoe over a dsl modem. Now changed that to a lancom router that does the dial in (plus POrtforwards for 500 and 4500 UDP to the FGT). TUnnel still works but from time to time gets stuck. FGT then still shows the tunnekl green in gui but it does not process any more data through it. I have to shutdown the tunnel ofthen several times (it always comes up again automagically) before it will work again...

ede_pfau

SuperUser

Could be a NAT timeout on the Lancom if the tunnel is idling for a while. Try to increase either the NAT timeout or the session timeout for tcp/500, tcp/4500, on the Lancom router.

What a pity. The combination of "simple modem" (DSL, VDSL, cable) with a FGT is foolproof and has no drawbacks. Such as, the FGT will have trouble getting FortiGuard updates without a public WAN address...

sw2090Author

SuperUser

there is NAT timouts for UDP and IPSec on that Lancom. I increased them with no change.

Meanwhile the same also happened to a Site2Site Tunnel betweet two FGT too.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded