Hello
We are facing a tunnel error. The tunnels on both sides are up, but we received a reply packet 1 time; after that we cannot ping each other. Both sides are using IKEv2.
Here is "diag vpn ike gateway list":
vd: root/0
name: NewPayment_MPT
version: 2
interface: wan1 7
addr: 103.83.34.148:500 -> 45.112.177.14:500
tun_id: 45.112.177.14/::45.112.177.14
remote_location: 0.0.0.0
network-id: 0
created: 765s ago
peer-id: 45.112.177.14
peer-id-auth: no
PPK: no
IKE SA: created 2/14 established 1/1 time 60/60/60 ms
IPsec SA: created 2/2 established 1/1 time 0/0/0 ms
id/spi: 228892 28e8a768340c24f9/88815001a92f73bd
direction: initiator
status: connecting, state 3, started 0s ago
id/spi: 228868 15f6e16c1f42fba9/f2373c07de62a255
direction: responder
status: established 762-762s ago = 60ms
proposal: aes256-sha256
child: no
SK_ei: a87bcd7c7f294ad8-7da543b8afd59332-7bb817e9a3503391-6d947337128d4ffe
SK_er: 27201ffa3e28e9a3-e4420374e85fa489-f3ea2242d2056267-0d0b83764fab066d
SK_ai: 1f99eb56a1bff378-cba0e9f45f23fb99-7d1ce8517eafa41c-71f194595d9659ca
SK_ar: a1e7396896c6ff90-f524e37c1a97054b-24adb27fe0c4236e-5c4a71b96ddb31cb
PPK: no
message-id sent/recv: 0/78
lifetime/rekey: 28800/27767
DPD sent/recv: 00000000/00000000
peer-id: 45.112.177.14
Hi @ZayYar ,
Is it possible for you to share your VPN configuration from either side, along with VPN routes, firewall policies, etc., for review? If the tunnel is up on both sides, please share the output below as well.
> diag vpn tunnel list name <nameofP2>
You can also gather additional information related to ESP packets and your actual traffic through the tunnel using the diag sniffer command for further troubleshooting.
You may follow this article for any help on this.
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955
Best Regards,
Saneesh
Hi @ZayYar,
Please collect debug logs as per this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Regards,