mhrth
Explorer II
July 7, 2022
Question

IPSec Tunnel Down if Adding Another Network Segment

Hi,

I am in the middle of configuring an IPSec tunnel from my FortiGate firewall to a Sophos firewall. There is no issue when I add one VLAN, as both Phase 1 and 2 are up. However, Phase 2 is down when I add another 2 VLANs. The settings on both firewalls are similar, as we refer to this documentation: https://www.sophos.com/ja-jp/medialibrary/PDFs/documentation/SophosFirewall/Pocket-Guides/Establish-IPsec-VPN-Connection-between-Sophos-and-Fortigate-with-IKEv2.pdf

Thank you in advance :)

1 reply

akristof
Staff
July 7, 2022

Hello,

Do you mean that when you add another VLAN subnet as a separate phase2, all phase2s are down and not negotiating?

mhrth
Author
Explorer II
July 8, 2022

Hello,

Correct. When adding another VLAN subnet as a separate phase2, all phase 2s are down.

Matin

akristof
Staff
July 8, 2022

Hello,

In that case, run an IKE debug:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPSEC-Tunnel-debugging-IKE/ta-p/190052

While it is running, bring all phase2s up via the GUI and see what the problem is. You can put the result into a file and attach it. Just tell me which tunnel we are talking about if the output contains more than one.