Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortimaster
Contributor

Created on ‎03-30-2024 04:47 AM

Dial Up Ipsec Tunnel goes down

Hi all,

 

I'm checking a new dial up IPSEC tunnel using forticlient and it works fine but it goes down suddenly. I've checked all parameters and they are apparently fine (key life time etc). I have done a debug and we can see a message that could be the cause of the problem:

"0:IPSEC-VFG_0:16536: 91902cc522f37f02/8ff2ab98b902574d negotiation of IKE SA failed due to retry timeout". I attach you all the debug messages just before the tunnel goes down. Could you help me? What could be wrong in the tunnel?

Could you help me? Thanks ¡¡¡¡

 

 

troubleshooting.JPG

Labels:
300
0 Kudos
5 REPLIES 5
maulishshah
Staff
Staff

Created on ‎03-30-2024 05:36 AM

Hello @fortimaster

 

Could you kindly provide the configuration details for the IPsec dial-up tunnel?

 

Furthermore, could you confirm whether the tunnel goes down frequently at specific intervals or randomly?

Also, could you specify whether the issue is affecting one user or all users?

 

For further troubleshooting, I would like to suggest initiating continuous ping tests from the test user to the public IP address of the FortiGate device where the dial-up tunnel is being established. This will help determine if there are any communication drops with the FortiGate.

 

 

 

Maulish Shah
278
0 Kudos
hbac
Staff
Staff

Created on ‎03-30-2024 06:01 AM

Hi @fortimaster,

 

Based on the error message, please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-IKEv2-retransmission-and-DPD/ta-p/294932

 

What is the FortiGate and FortiClient version? Does it happen to other users? Does it work with IKEv1? 

 

Regards, 

275
fortimaster
Contributor
In response to hbac

Created on ‎04-01-2024 08:22 AM

For the moment it works fine afther that I have updated forticlient agent. Currently Im the only user of the tunnel, I'm checking it. With Ike v1 I didn't have the problem but the tunnel was not exactly the same.

I will mantain you informed but I think it works fine with the Forticlient Update. I had an old 6.2 version .Thanks.

196
0 Kudos
sahmed_FTNT
Staff
Staff

Created on ‎03-30-2024 11:53 AM

Hello, I would suggest verifying VPN settings on both sides are same.

 

Also you can view Firmware release notes for any known issues

 

 

Security all we want
237
fortimaster
Contributor

Created on ‎04-08-2024 02:36 PM Edited on ‎04-08-2024 02:37 PM

Definetivelly the problem was solved upgdating forticlient to the latest  version .Thanks for your help¡¡¡

86
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.