Can anyone help me to resolve the IP Sec tunnel issue between CISCO 3945 to Fortigate30E firewall. I am facing the tunnel frequent down issue. For every 2 minutes tunnel is going down and after 4 to 7 sec coming up automatically.
I attached all the configuration and logs. Please check and help me in this regards
The cfg is okay but what are the proxy-ids for the cisco/fgt ( local/subnet )
e.g
set src-subnet 172.18.0.0 255.255.255.0
set dst-subnet 172.16.0.0 255.255.248.0
Also do you have the tunnel interface address in the phase2 interface? You could maybe try a ping just across the tunnels interfaces from CSCO to FGT and run a diag sniffer packet to confirm
e.g
diag sniffer packet IPSEC "any" 5
Your problem seems to be phase2 related and if you enable debug crypto facilities to see the ph2 details on the cisco device it will related this.
Thanks for the reply.... Issue has been resolved and kept under observation.
I just removed the proxy ID at Fortigate and allow all like below. set src-subnet 0.0.0.0 0.0.0.0.0 set dst-subnet 0.0.0.0 0.0.0.0.0 Traffic controlling done from firewalls rules.
