Hi,
I had an IPsec tunnel working between HO and Branch Fortigates until I changed the WAN IP Address in HO. The branch office Fortigate is behind a Nat Device with a private IP on its WAN Interface. I even recreated the dial-up Tunnel using the wizard but it is not coming up. How can I troubleshoot to resolve this?
Thanks.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
You can start using this, https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Troubleshooting-IPsec-Site-to-Site-T...
On the branch, have you enabled NAT-T and set the remote-gw as the new IP of the HO ?
Also, is the HO configured as a dialup server or is it site2site, expecting to match a remote ip/branch ?
Also, make sure in the HO that the new IP is reflected in the vpn config, you can do a show full vpn ipsec phase1-interface to see if there's something to change for it.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.