- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IPSec negotiation failure
I have a probleme with negotiation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If (IF) this is truly a phase2 error, then it might be
- mismatching QM selectors (a.k.a. "protected domains")
- PFS setting mismatch
- if this is a dial-in tunnel: failure to assign client IP address
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Thanks for your feedback. The problem still exists, today in the morning the tunnel is down but after an hour it is up.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is DPD enable?
what's the other end ? ( fgt panw csco forcepoint jnpr )
if you "vpn ike gateway clear" does that speed up the recover ?
Ken Felix
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The remote device is FortiGate.
The recover speedly
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you have bad internet access? This might explain the interruptions
For the ipsec-sa make sure auto negotiate is enabled for speedy recovery
config vpn ipsec phase2-interface
edit < name >
set auto-negotiate enable end Depending on FortiOS this might not be set automatically.
PCNSE
NSE
StrongSwan