Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bkarl
Staff
Staff

Created on ‎03-17-2024 05:41 PM

Article Id 305036

Troubleshooting Tip: VPN IPsec VPN tunnel phase2 unstable after upgrading to v7.4.2

Description This article describes a workaround to solve the issue of VPN IPsec tunnel instability after upgrading to FortiOS v7.4.2. Note that this workaround only works for NP6xlite models.
Scope FortiOS 7.4.2 and 7.4.3 NP6xlite models.
Solution

Collect the output of the following commands:

 

diagnose npu np6xlite dce

diagnose debug application ike -1

diagnose debug enable

 

If the following is seen in the debug output...

 

Ike V=root:0:VPN_TAC:invalid ESP 4 (replay) SPI 3fe65c76 seq 000000:00a02e94 7 185.158.147.14->208.45.102.58

 

... Run the following commands:

 

config vpn ipsec phase2-interface

   edit VPN_TAC

      set replay disable

   next

end

diagnose vpn ike gateway flush

 

NOTE: This workaround must be applied on both VPN sides.
340
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.