Site-to-site VPN tunnel is up, but network connectivity has stopped

Forum|Forum|1 year ago
December 16, 2024
2 replies
1604 views

I am facing Site to site vpn issue since last one week between FortiGate 100F and FGVM00 . VPN tunnel status is up but network connectivity is down. noticed that all the network connectivity and VPN will restore and work few hours if i restart firewall. how to trace the root cause of the issue and fix it permanently.

dingjerry_FTNT

Staff

Hi @Sree ,

First of all, please check whether there are high CPU/Memory usage issue on both FGT devices or not.

If no, please run the following command for a Ping traffic flow:

diag sniffer packet any 'icmp and host x.x.x.x' 4 // x.x.x.x is the IP you want to Ping

If you see the abnormal sniffer packet capture on which FGT, run the debug flow commands on that FGT:

https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/54688/debugging-the-packet-flow

Please apply the x.x.x.x IP as the "addr" filter for the debug flow commands.

DPadula

Staff & Editor

Also use the 'diag debug flow' command. The article Troubleshooting Tip: First steps to troubleshoot connectivity problems to or through a FortiGate with sniffer, debug flow, session list, routing table describe how to troubleshoot connectivity between networks.

Try to isolate the issue, once you do not know what is causing it. By the way, which firmware version are you using?

SreeAuthor

New Member

Firmware: v7.2.7 build1577

DPadula

Staff & Editor

Check the link: https://docs.fortinet.com/document/fortigate/7.2.7/fortios-release-notes/236526/known-issues

Search for 852051. You will find the bug 'Unexpected condition in IPsec engine on SoC4 platforms leads to intermittent IPsec VPN operation.'

You should upgrade to version 7.2.10 to eliminate the bug first, then monitor the FGT and confirm if the issue persist or not after the upgrade.

DPadula

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded