Hi all,
I'm checking a new dial up IPSEC tunnel using forticlient and it works fine but it goes down suddenly. I've checked all parameters and they are apparently fine (key life time etc). I have done a debug and we can see a message that could be the cause of the problem:
"0:IPSEC-VFG_0:16536: 91902cc522f37f02/8ff2ab98b902574d negotiation of IKE SA failed due to retry timeout". I attach you all the debug messages just before the tunnel goes down. Could you help me? What could be wrong in the tunnel?
Could you help me? Thanks ¡¡¡¡
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @fortimaster,
Could you kindly provide the configuration details for the IPsec dial-up tunnel?
Furthermore, could you confirm whether the tunnel goes down frequently at specific intervals or randomly?
Also, could you specify whether the issue is affecting one user or all users?
For further troubleshooting, I would like to suggest initiating continuous ping tests from the test user to the public IP address of the FortiGate device where the dial-up tunnel is being established. This will help determine if there are any communication drops with the FortiGate.
Hi @fortimaster,
Based on the error message, please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-IKEv2-retransmission-and-DPD/ta-p/294932
What is the FortiGate and FortiClient version? Does it happen to other users? Does it work with IKEv1?
Regards,
For the moment it works fine afther that I have updated forticlient agent. Currently Im the only user of the tunnel, I'm checking it. With Ike v1 I didn't have the problem but the tunnel was not exactly the same.
I will mantain you informed but I think it works fine with the Forticlient Update. I had an old 6.2 version .Thanks.
Hello, I would suggest verifying VPN settings on both sides are same.
Also you can view Firmware release notes for any known issues
Definetivelly the problem was solved upgdating forticlient to the latest version .Thanks for your help¡¡¡
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.