IPsec VPN - Duplicated Phase 2 Selectors
Hi Community,
We have 2 IPsec Tunnels (Tunnel 10 and Tunnel 20) between FortiGates (Remote and Concentrator) with only 1 Phase 2 Selector configured and auto-negotiate disabled. Both tunnels are working as expected and we have connectivity from both sides.
Tunnel 10 is presenting 2 Phase-2 Selectors via GUI and CLI, where the first Phase-2 is UP and the second one is DOWN. We have already deleted the entire Phase 2 Interface and reconfigured it, restarted the entire cluster (A-P) and nothing helps.
We really don't understand why there are 2 Phase Selectors in a scenario where we have only 1 configured. Any idea how to troubleshoot and solve this issue?
FortiOS 6.4.11. Keep in mind that Tunnel 20, with the same setup on the same device, does not have this issue, and we have several other FGTs with the same setup that are also not presenting this issue.
I really appreciate any comments, thank you!
Problem solved! There was a Destination Address mismatch between the FGTs, where we had x.x.x.0 instead of x.x.x.128, so FGT Remote set the original Phase 2 Selector DOWN and automatically created another Phase 2 Selector excluding the wrong network. After adjusting the object, the Phase 2 Selectors were adjusted automatically, leaving only one there!
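A pre-check for the kind of mismatch described in the answer above, added here as an example and not part of the original thread: it mirrors each side's Phase 2 selector pair against the peer's and reports any local/remote subnet that does not match exactly. The function names, the /25 prefix length and the documentation-range addresses are assumptions, since the thread masks the real values.

```python
import ipaddress

def parse_selector(cidr):
    """Return (network, host_bits_set) for a selector written as CIDR text."""
    iface = ipaddress.ip_interface(cidr)
    return iface.network, iface.ip != iface.network.network_address

def compare_selectors(side_a, side_b):
    """Check that A's local subnet equals B's remote subnet and vice versa.

    Each side is a dict {"local": cidr, "remote": cidr} (hypothetical layout).
    Returns a list of findings; an empty list means the selectors mirror.
    """
    findings = []
    for a_key, b_key in (("local", "remote"), ("remote", "local")):
        net_a, dirty_a = parse_selector(side_a[a_key])
        net_b, dirty_b = parse_selector(side_b[b_key])
        if dirty_a or dirty_b:
            kind = "host-bits-set"   # address is not the network address
        elif net_a == net_b:
            continue                 # exact mirror, nothing to report
        elif net_a.overlaps(net_b):
            kind = "overlap"         # one subnet contains the other
        else:
            kind = "disjoint"        # e.g. .0/25 on one side, .128/25 on the other
        findings.append({"a_field": a_key, "a_value": side_a[a_key],
                         "b_field": b_key, "b_value": side_b[b_key],
                         "kind": kind})
    return findings

# Constructed sample values (RFC 5737 documentation ranges), not from the thread.
CONCENTRATOR = {"local": "198.51.100.0/24", "remote": "192.0.2.128/25"}
REMOTE_BAD = {"local": "192.0.2.0/25", "remote": "198.51.100.0/24"}
REMOTE_FIXED = {"local": "192.0.2.128/25", "remote": "198.51.100.0/24"}

if __name__ == "__main__":
    for name, remote in (("before fix", REMOTE_BAD), ("after fix", REMOTE_FIXED)):
        print(name, compare_selectors(CONCENTRATOR, remote) or "selectors mirror")
```

Running the same comparison across every tunnel's address objects before deployment catches the mismatch without waiting for an extra selector to appear on the tunnel.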
