Hello,
I've had two IPsec tunnels up to Amazon Web Services for years now with FG200Ds and there have been no issues. On Monday the 9th, without making any changes on either end, we started getting a lot of DPD errors on the FortiGate side. When I looked at the tunnels they would only stay up for a few seconds, then drop, then come back up, over and over.
Message meets Alert condition
date=2017-05-08 time=22:25:46 devname=Sort-1 devid=FG200D logid=0101037131 type=event subtype=vpn level=error msg="IPsec ESP" action=error remip=**.***.**.** locip=**.**.***.*** remport=500 locport=500 outintf="TDCS-910" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" vpntunnel="IKE-1db25374-1" status=esp_error error_num="Received ESP packet with unknown SPI." spi="fad3a51c" seq="01406f49"
Message meets Alert condition
date=2017-05-08 time=22:25:46 devname=Sort-1 devid=FG200D logid=0101037136 type=event subtype=vpn level=error msg="IPsec DPD failure" action=dpd remip=**.***.**.** locip=**.**.***.*** remport=500 locport=500 outintf="TDCS-910" cookies="3ac684f1ae742119/41a9db74bf58f705" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" vpntunnel="IKE-1db25374-1" status=dpd_failure
As soon as I turned off DPD the tunnels came back up and stayed up without any issues that I could see. I then found out that even though the tunnels show they're up, they're still dropping packets without alerting me. If I log in to our Amazon server and ping a box on the other side for 5 minutes I will get a few drops. My RDP connections do not fail, though.
Anyone have any thoughts? I inherited this from the previous network engineer and I'm having issues figuring this out. The part that gets me the most is that nothing changed on either end.
Thank you.
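As an added example (not from the poster or from Fortinet), here is a small parser for FortiGate key=value VPN event lines like the two quoted above, which correlates an "unknown SPI" ESP error with a DPD failure on the same tunnel within a short window; the sample lines are constructed to mirror the post's entries, with masked addresses and placeholder SPI values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'(\w+)=("(?:[^"]*)"|\S+)')

# Constructed sample log, modelled on the post's entries (IPs masked, SPIs are placeholders).
SAMPLE_LOG = """\
date=2017-05-08 time=22:25:46 devname=Sort-1 devid=FG200D logid=0101037131 type=event subtype=vpn level=error msg="IPsec ESP" action=error remip=**.***.**.** locip=**.**.***.*** vpntunnel="IKE-1db25374-1" status=esp_error error_num="Received ESP packet with unknown SPI." spi="fad3a51c" seq="01406f49"
date=2017-05-08 time=22:25:46 devname=Sort-1 devid=FG200D logid=0101037136 type=event subtype=vpn level=error msg="IPsec DPD failure" action=dpd remip=**.***.**.** locip=**.**.***.*** vpntunnel="IKE-1db25374-1" status=dpd_failure
date=2017-05-08 time=22:31:02 devname=Sort-1 devid=FG200D logid=0101037131 type=event subtype=vpn level=error msg="IPsec ESP" action=error remip=**.***.**.** locip=**.**.***.*** vpntunnel="IKE-1db25374-2" status=esp_error error_num="Received ESP packet with unknown SPI." spi="0badc0de" seq="00000010"
"""

def parse_line(line):
    """Turn one FortiGate key=value event line into a dict (quotes stripped, timestamp parsed)."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    if 'date' in fields and 'time' in fields:
        fields['ts'] = datetime.strptime(fields['date'] + ' ' + fields['time'], '%Y-%m-%d %H:%M:%S')
    return fields

def find_spi_dpd_flaps(lines, window=timedelta(seconds=60)):
    """Return {tunnel: [(esp_error_ts, dpd_failure_ts), ...]} for each unknown-SPI ESP error
    that is followed within `window` by a DPD failure on the same vpntunnel name."""
    pending = defaultdict(list)   # tunnel -> timestamps of recent unknown-SPI errors
    flaps = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev.get('subtype') != 'vpn' or 'vpntunnel' not in ev or 'ts' not in ev:
            continue
        tunnel, ts = ev['vpntunnel'], ev['ts']
        if ev.get('status') == 'esp_error' and 'unknown SPI' in ev.get('error_num', ''):
            pending[tunnel].append(ts)
        elif ev.get('status') == 'dpd_failure':
            recent = [t for t in pending[tunnel] if timedelta(0) <= ts - t <= window]
            if recent:
                flaps[tunnel].append((recent[-1], ts))
                pending[tunnel] = []   # consumed; avoid double-counting the same burst
    return dict(flaps)

if __name__ == '__main__':
    for tunnel, pairs in find_spi_dpd_flaps(SAMPLE_LOG.splitlines()).items():
        print(tunnel, 'unknown-SPI error followed by DPD failure:', pairs)
```

Correlating the two messages per tunnel (rather than alerting on each line) separates a peer that is sending ESP for a security association this side no longer holds, which shows up as the unknown-SPI error right before the DPD failure, from isolated DPD timeouts caused by plain packet loss.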