IPSEC Phase1 & Phase2 UP, But No Download Traffic On Brach Site

Forum|Forum|1 year ago
November 26, 2024
2 replies
1880 views

Dear Support Forum,

I have an ipsec tunnel problem from branch to HO, where the download traffic from branch to HO remains 0 bytes,
and in the configuration of the ipsec tunnel HO to the branch the peer id (gC.b) appears as the username.

Is there anyone who can help to solve this problem?

IPSEC Tunnel.jpg

IPsec

DPadula

Staff & Editor

Are both Fortigates running the same FortiOS version?
Can you see the firewall policy byte counter increasing?

_afriansyahAuthor

New Member

Are both Fortigates running the same FortiOS version?
Yes, Running the same FortiOS Version

Firewall Policy byte counter on Branch

firewall policy.jpg

DPadula

Staff & Editor

Run the command 'diagnose netlink device list' few times and confirm that you can see the counters increasing for the tunnel interfaces.

sw2090

SuperUser

Do the phase2 selectors match?

Do a flow debug on cli:

dia debug ena

dia debug flow fliter clear

die debug flow filter saddr/daddr/proto/... (execute it without params and it will show a list)

dia debug flow trace start <numberofpackets>

start that on both FGT and then produce some traffic on the vpn and the flow will on both sides show you the packet flow.

_afriansyahAuthor

New Member

Halo @sw2090 ,
Phase 1 & Phase 2 match, and already up
IPSEC problem only with ISP "JSN"

i try to use another ISP, IPSEC with another ISP work normally,
download and upload traffic no issue from Branch to HO.

is problem with the ISP "JSN" ?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded