Description | This article describes how to manually bring a site-to-site IPsec VPN tunnel up when no active traffic is passing through the tunnel. |
Scope | FortiGate, v7.0.x, v7.2.x and v7.4.x. |
Solution |
When an IPsec tunnel is configured and no active user or device is available to generate traffic across it, the tunnel can be brought up manually to test whether both sites have matching parameters and configurations.
GUI method 1: Go to Dashboard -> Network -> IPsec.
Select Bring Up -> All Phase2 Selectors.
GUI method 2: Go to Dashboard -> IPsec Monitor -> IPsec.
Select Bring Up -> All Phase2 Selectors.
GUI method 3: Go to VPN -> IPsec Tunnels and select 'Inactive' under Status. Another window will pop up; in that window, right-click on the tunnel and select Bring Up.
CLI method:
execute vpn ipsec tunnel up <Phase2 name>
If the IPsec tunnel Phase2 comes up, the configuration is correct and has matching parameters with the peer. If the tunnel fails to come up, verify that the configuration is correct on both sides.
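To confirm the result after a manual bring-up on a unit with several tunnels, the selector state can be checked from saved CLI output. This is an added example, not Fortinet's code: it assumes the line layout of `get vpn ipsec tunnel summary` shown in the comment, and the tunnel names and addresses in the sample are constructed.

```python
import re

# Assumed layout of one `get vpn ipsec tunnel summary` line (not shown on this page):
# 'name' peer:port  selectors(total,up): T/U  rx(pkt,err): P/E  tx(pkt,err): P/E
LINE_RE = re.compile(
    r"^'(?P<name>[^']+)'\s+(?P<peer>\S+)\s+"
    r"selectors\(total,up\):\s*(?P<total>\d+)/(?P<up>\d+)\s+"
    r"rx\(pkt,err\):\s*(?P<rx>\d+)/(?P<rx_err>\d+)\s+"
    r"tx\(pkt,err\):\s*(?P<tx>\d+)/(?P<tx_err>\d+)\s*$"
)

def parse_summary(text):
    """Return one dict per tunnel line; lines that do not match are skipped."""
    tunnels = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            tunnels.append({k: v if k in ("name", "peer") else int(v)
                            for k, v in m.groupdict().items()})
    return tunnels

def classify(t):
    """State of a tunnel judged only by its Phase2 selector counters."""
    if t["total"] == 0:
        return "no-selectors"
    if t["up"] == 0:
        return "down"
    return "partial" if t["up"] < t["total"] else "up"

def tunnels_needing_attention(text):
    """Map tunnel name -> state for every tunnel whose selectors are not all up."""
    return {t["name"]: classify(t)
            for t in parse_summary(text) if classify(t) != "up"}

# Constructed sample. 'to-branch1' was brought up manually: its selector is up
# even though the packet counters are still zero (no user traffic yet).
SAMPLE = """\
'to-branch1' 198.51.100.10:0  selectors(total,up): 1/1  rx(pkt,err): 0/0  tx(pkt,err): 0/0
'to-branch2' 198.51.100.20:0  selectors(total,up): 2/1  rx(pkt,err): 15/0  tx(pkt,err): 12/0
'to-dc' 203.0.113.5:0  selectors(total,up): 3/0  rx(pkt,err): 0/0  tx(pkt,err): 0/0
"""

if __name__ == "__main__":
    for name, state in tunnels_needing_attention(SAMPLE).items():
        print(f"{name}: {state}")
```

A tunnel reported as "down" or "partial" here is one where the configuration on both sides should be compared, as described above.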
Related articles:
Technical Tip: How to bring up specific phase 2 selectors or all selectors of IPSec VPN from GUI
Technical Tip: How to bring the IPsec tunnel down from the CLI and GUI |
Copyright 2025 Fortinet, Inc. All Rights Reserved.