I have a FGT61F running 7.4.3 at the home office and another identical in a remote office. Home office has the static IP. We had a long-term power outage over the weekend and once it was restored the tunnel will not come back up. I have rebooted the FGTs and modems on both ends. In logs I see action-negotiate and stats-success on the home office every 30 seconds and delete_phase1_sa on the remote office. I tried to flush the tunnel from both ends and no luck. Any ideas? We have had power failures in the past and never had this issue.
Thanks for the help.
Start by checking if the remote gateway is reachable with ping, or with "diag sniffer packet ..." while you try to connect with VPN.
If it is reachable then you can try the below commands for troubleshooting.
diagnose vpn ike log filter ...
diagnose debug application ike -1
diagnose debug application fnbamd -1
diagnose debug console timestamp enable
diagnose debug enable
A full guide is available here if needed.
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Troubleshooting-IPsec-Site-to-Site-T...
Hope it helps.
Hi @rfs3pa ,
We definitely need IKE debug outputs.
If you have only one IPSec VPN tunnel, you don't have to configure the log filter.
Run the following CLI commands on both peers:
diag debug application ike -1
diag debug enable
You don't need to collect the debug outputs with fnbamd since it is for authentication, not for IKE.
Thanks for the help. It's all good now, there was an address set to a static that should not have been, it was really DHCP and it changed when the service came back...
Hi rfs3pa,
Glad that the issue is resolved.
You can always bookmark below article for future ref with respect to IPSEC VPN
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.