Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bvagadia
Staff
Staff

Created on ‎02-16-2022 05:25 AM

Article Id 204600

DDNS IPsec tunnel issue

Description This article describes that when creating a tunnel between two FortiGates with one side its DDNS and the tunnel is not coming up.
Scope  
Solution

When creating a tunnel between two FortiGates with one side as static IP and another side with DDNS IP.

 

Run the below command and check the DDNS details.

 

# config system ddn
# show ful

 

It will provide detailed info, now check the IP and it should be the same at the peer end.


If IP's are not changing on the peer end that means the tunnel is still using the old IP, in that case, it is possible to enable DPD on-demand which can resolve the issue.

 

bvagadia_0-1645016407680.png


Similar behavior can be observed when the tunnel is created using dial-up VPN between two FortiGates.


On one side, it is possible to see that the tunnel is up with 0 incoming data and outgoing data will be non zero number,  on the remote side the tunnel will not be there, it is possible enable DPD on-demand which can resolve the issue.

 

On-demand: Trigger Dead Peer Detection when IPsec traffic is sent but no reply is received from the peer.

 

If the issue is not resolved then, open a case with TAC.
Labels:
2174
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.