Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortimaster
Contributor II

Dial Up Ipsec Tunnel goes down

Hi all,

 

I'm checking a new dial up IPSEC tunnel using forticlient and it works fine but it goes down suddenly. I've checked all parameters and they are apparently fine (key life time etc). I have done a debug and we can see a message that could be the cause of the problem:

"0:IPSEC-VFG_0:16536: 91902cc522f37f02/8ff2ab98b902574d negotiation of IKE SA failed due to retry timeout". I attach you all the debug messages just before the tunnel goes down. Could you help me? What could be wrong in the tunnel?

Could you help me? Thanks ¡¡¡¡

 

 

troubleshooting.JPG

5 REPLIES 5
maulishshah
Staff
Staff

Hello @fortimaster

 

Could you kindly provide the configuration details for the IPsec dial-up tunnel?

 

Furthermore, could you confirm whether the tunnel goes down frequently at specific intervals or randomly?

Also, could you specify whether the issue is affecting one user or all users?

 

For further troubleshooting, I would like to suggest initiating continuous ping tests from the test user to the public IP address of the FortiGate device where the dial-up tunnel is being established. This will help determine if there are any communication drops with the FortiGate.

 

 

 

Maulish Shah
hbac
Staff
Staff

Hi @fortimaster,

 

Based on the error message, please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-IKEv2-retransmission-and-DPD/ta-p/294932

 

What is the FortiGate and FortiClient version? Does it happen to other users? Does it work with IKEv1? 

 

Regards, 

fortimaster

For the moment it works fine afther that I have updated forticlient agent. Currently Im the only user of the tunnel, I'm checking it. With Ike v1 I didn't have the problem but the tunnel was not exactly the same.

I will mantain you informed but I think it works fine with the Forticlient Update. I had an old 6.2 version .Thanks.

sahmed_FTNT
Staff
Staff

Hello, I would suggest verifying VPN settings on both sides are same.

 

Also you can view Firmware release notes for any known issues

 

 

Security all we want
fortimaster
Contributor II

Definetivelly the problem was solved upgdating forticlient to the latest  version .Thanks for your help¡¡¡

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors