Hi, I have created a SS VPN with Cisco ASA. Unless the remote site (ASA) initiates the ping, the VPN tunnel remains down. As soon as the ping is initiated from the ASA, everything works. Can anyone help me with this?
Thank you for your question. So if you manually bring phase2 up, or traffic is initiated from a client behind the FortiGate, the tunnel is down? Can you verify if phase1 is up but phase2 is not? Are you using an address group in the selectors in phase2? Can you share:
From the last screenshot, the FGT is receiving a "No proposal chosen" message. So you will need to verify Cisco's side to see why it is not matching. Usually it is related to selectors, but you should see it via debug on the ASA.