Skip to main content
jompsi
jompsi
New Member
August 19, 2015
Question

IPSec dpd_failure and esp_error

  • August 19, 2015
  • 1 reply
  • 11201 views

Hello

 

We have a FortiGate 60D. Now I see that in the log are often these two errors:

- IPSec DPD failure(dpd_failure )

- IPSec ESP(esp_error) - Recieved ESP packet with unkown SPI

 

With our FG are 5 IPSec sites connected, but the traffic between our Router and the 5 tunnels is minimal(per tunnel about 8 MB a day). These two errors appear only with the same 2 IPSec tunnels. What I read about the errors, is that they can occur with slow bandwidth. For one of the two problem tunnels that could be the explanation, because the router is over GPRS connected to the internet, but the other tunnel has a VDSL connection, which shouldnt be that slow.

 

Honestly I dont fully understand these error messages and I dont know what I can do to resolv them. Or otherwise if they cant be resolved I dont understand them enough to say "Oh, thats no problem, these error are there but they make no trouble".

 

I would be really happy/thankfull, if someone could help me, understand these errors better.

 

Kind regards

Joel

1 reply

Armando_Gomez_Barrio
Armando_Gomez_Barrio
New Member
July 13, 2017

Hi,   Managed to solve the problem of "ipsec dpd failure"   I have the some problem   Kind Regards,

emnoc
emnoc
New Member
July 14, 2017

 

For item#1,  DPD  might not be supported  or enable on the far-end ipsec-peer

 

For item#2,  are the IPSEC-SA lifetime values set the same?

 

How often are SPI errors coming in ? Do you have IPSEC-tunnel stabiltity issues or lack of reach ?

 

Both of these log message are not critical event but ensure both ipsec-peers values are  the same  enabling DPD only  devices that are DPD supported and enable would reduce these messages.

 

 

 

Terms & ConditionsAccessibility statement