Hello Experts,
I have the same problem, I mean during site-to-site VPN on a 60D. I configured it in interface mode. All steps were successfully configured: first phase 1, then phase 2, then I created addresses for the local LAN and remote LAN, then I created 2 policies, one for local and one for remote. After that, when I check in the IPsec monitor, the tunnel is not up. When I checked the VPN log file, it says 'ipsec phase 1 negotiate success.' You can find the outputs in the attachment. In the CLI, when I run the command "diag debug application ike 255", it shows me the following output:
```
ike 0:Fuj_FCA_VPN:FCA_IPSEC_VPN_P2.: using existing connection
ike 0:Fuj_FCA_VPN:FCA_IPSEC_VPN_P2.: config found
ike 0:Fuj_FCA_VPN:FCA_IPSEC_VPN_P2.: IPsec SA connect 6 213.97.223.228->213.82.83.89:500 negotiating
ike 0:Fuj_FCA_VPN:5446:FCA_IPSEC_VPN_P2.:5443: ISAKMP SA still negotiating, queuing quick-mode request
ike 0:Fuj_FCA_VPN:FCA_IPSEC_VPN_P2.: IPsec SA connect 6 213.97.223.228->213.82.83.89:500
```
I need urgent help from experts, please. This is my email address: sohrab.khaliq@gmail.com
Awaiting your kind reply.
Hello Sohrab,
Is it possible to post your configuration? Or at least the VPN/policy/routing sections?
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
Weird bug.. I had the same issue with the same error going to an AWS VPN connection. I re-pointed the tunnel to a bad IP, saved, then pointed it back while watching the debug. The connection dropped, the related policies were disabled, then when I pointed the tunnel back to the correct IP it reconnected and all policies enabled. Since then everything is working great. This tunnel has been up for about a month before this issue. Another interesting thing is the "monitor" didn't fail over to the other redundant tunnel. It's almost like this tunnel was locked up but the FW didn't know it failed to bring up the secondary.
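An added example, not part of any post in this thread: a small Python triage script for the IKE debug output quoted in the first post. It counts, per phase 1/phase 2 pair, how many IPsec SA connect attempts were made and how many quick-mode (phase 2) requests were queued because the ISAKMP (phase 1) SA was still negotiating. The line layout in the regex is an assumption inferred from the lines on this page, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the debug lines quoted in the first post, one per line.
SAMPLE = """\
ike 0:Fuj_FCA_VPN:FCA_IPSEC_VPN_P2.: using existing connection
ike 0:Fuj_FCA_VPN:FCA_IPSEC_VPN_P2.: config found
ike 0:Fuj_FCA_VPN:FCA_IPSEC_VPN_P2.: IPsec SA connect 6 213.97.223.228->213.82.83.89:500 negotiating
ike 0:Fuj_FCA_VPN:5446:FCA_IPSEC_VPN_P2.:5443: ISAKMP SA still negotiating, queuing quick-mode request
ike 0:Fuj_FCA_VPN:FCA_IPSEC_VPN_P2.: IPsec SA connect 6 213.97.223.228->213.82.83.89:500
"""

# Assumed layout: "ike <n>:<phase1>[:<id>]:<phase2>[:<id>]: <message>"
LINE_RE = re.compile(
    r"^ike \d+:(?P<p1>[^:\s]+):(?:\d+:)?(?P<p2>[^:\s]+):(?:\d+:)?\s*(?P<msg>.+)$"
)
CONNECT_RE = re.compile(
    r"IPsec SA connect \d+ (?P<src>[\d.]+)->(?P<dst>[\d.]+):\d+"
)
QUEUED = "ISAKMP SA still negotiating"


def summarize(debug_text):
    """Return {(phase1, phase2): {"connects", "queued", "peers"}} for the debug text."""
    stats = defaultdict(lambda: {"connects": 0, "queued": 0, "peers": set()})
    for line in debug_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a phase 2 scoped IKE debug line
        entry = stats[(m["p1"], m["p2"])]
        connect = CONNECT_RE.match(m["msg"])
        if connect:
            entry["connects"] += 1
            entry["peers"].add((connect["src"], connect["dst"]))
        elif QUEUED in m["msg"]:
            entry["queued"] += 1
    return dict(stats)


def waiting_on_phase1(stats):
    """Phase 1/phase 2 pairs whose quick-mode requests were queued behind phase 1."""
    return sorted(key for key, entry in stats.items() if entry["queued"] > 0)


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for key in waiting_on_phase1(result):
        print(key, result[key])
```

A pair that keeps accumulating connect attempts and queued requests in a longer capture points at phase 1 as the place to look, before policies or routing.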