Hello,
I have a fortigate 1000C in the office that has several site to site VPN's, until last week all worked ok. Now the site to site vpn with Alicloud is failing. Other site to site vpn's work fine. Because of corona I work at home. Using a old Fortigate 100C I can setup an ipsec vpn to alicloud. There are moments the vpn reconnects shortly but most of the time the phase2 is failing. Phase 1 is connecting success ful. See log below (I renamed the ip numbers for privacy concerns). We have checked the internet connecion. I have setup a new ipsec between the 1000C and 100C that works fine. It looks like some issue between Alicloud and the 1000C fortigate. The fortigate runs latest firmware 5.6.13, the 100C an old firmware 5.2
I also created a new VPN gateway in a other Alicloud location, initial the IPSEC VPN when up, but after a 10 minutes or so I had the same situation that the vpn was not working. Alicloud engineer pointed that there is a issue with DPD.
Maybe anybody has some tips !
4AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE00000000 ike 0:China:7467: sent IKE msg (P1_RETRANSMIT): 111.111.111.111:500->111.111.111.111:500, len=512, id=e3e7b07a370f05eb/903a922f48fe9095 ike 0:China:China-policy: IPsec SA connect 25 111.111.111.111->111.111.111.9:0 ike 0:China:China-policy: using existing connection ike 0:China:China-policy: config found ike 0:China: request is on the queue ike 0: comes 111.111.111.111:500->111.111.111.111:500,ifindex=25.... ike 0: IKEv1 exchange=Aggressive id=e3e7b07a370f05eb/0000000000000000 len=420 ike 0: in E3E7B07A370F05EB00000000000000000110040000000000000001A40400003C000000010000000100000030010100010000002801010000800B0001000C00040001518080010007800E010080030001800200028004000E0A000104E8AC5F089BE4CA947875C12F62B4EB712818D948DC97E29FCDAB37131A1C0237DC02815F32BBC54D5BDC4A1155364BB1AEA82CA92CA1D4DCFA3B1202647E98EC53733E5EC930F5F5497B8F2DDDEBE4B73B712D42801068F155C96D10111A291244A1C4C5A5DB046902EDB9A6FD5A33BA1AFEE825DFE1DDEA5C8B3B9DD7DE89EAEEE3DA365FF13FB9F31A5BBCDB9C1B7A4FC3EA0566C81F456A696506D97AFC8E7563E07B4ED5C6F7A1A57465A70C908307000F68121E2EC62E30A4BAD52F3F53826D6F4E1A877E6C43454DC51C0C1B63313A926AD7ECFFDCEDF912A0882EE20BF0A2A2B81E204DF2E599460EE9B0930828DE292F6D02F39343404586A3497D5F05000014FC2768D296F66E145EDCA9C23226B6A60D00000C010000002FFE9E090D0000144A131C81070358455C5728F20E95452F00000014AFCAD71368A1F1C96B8696FC77570100 ike 0:China:7467: retransmission, re-send last message ike 0:China:7467: out E3E7B07A370F05EB903A922F48FE90950110040000000000000002000400003C000000010000000100000030010100010000002801010000800B0001000C00040001518080010007800E010080030001800200028004000E0A00010413069E10AB9E7C27F157A4D6CB4312D48C27FE1A4108707CFF0FBB22D061E51DD6D1B71E019D22413CF61B5EF9FB0C7D77DE4B17234624F64898BC91868EE1CC3EB355D1A610660535C1089F20789DF24F302A3B785857DA662D0A338C19D7C8270021C6E865B54746C35D8BD33D0CC2FC94E762D746DDC6B5820D328FE7F7DAE5E10A6A200C232212D0E03AE8A0149A7C5E89132FE6D6F599AAFEEE75E0536364332446DDAF30BC0CC8FD7E4EA51827AC638005776A107DE24F8F1D660CE9DCA77FB8EDDD3457FFADD758B8B948441162F97A687C0C5F40EA33A5BE676221FCEC5DB3BE3876887BD4BC9365AE92592FDF8564289D2649EF071BA03DD91A91D305000014E8E6DEBCD5639F5082852C9E336995CD0800000C01000000D964C40A0D000018D685F2BC09662F390D8805FCA3306C0D9178F0CE140000144A131C81070358455C5728F20E95452F1400001854308432D95678D72A7BAC102061A29C206390E00D00001879BDC9FA8F791827AB7DCB51B7BFF756003BC2940D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE00000000 ike 0:China:7467: sent IKE msg (retransmit): 111.111.111.10:500->111.111.111.1:500, len=512, id=e3e7b07a370f05eb/903a922f48fe9095
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.