I just got this strange issue here:
two FGT 100E with 6.0.8 running. Between both is an ipsec tunnel.
Side A says (in IPSec Monitorr) the tunnel is up
Side B say (-"-) the tunnel is down
Side B still gets new SA Requests for that tunnel from Side A
In Debug Log on Side A you see that Side A is doing the complete handshale and even sends the tunnel up snmp trap to side B.
On Side B you only see new SA Requests from Side A and then negtiation timeouts.
P1 auto negotiation is disabled on Side B but enabled on Side A
I have no clue why this happens...
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams