IPsec tunnel shows tunnel is down

yeowkm99 · ‎08-12-2024

i setup 2 IPsec tunnel with counterpart at AWS. the tunnel is working fine but there are 2 separate links showing that the tunnel is down.

how do i remove the unwanted tunnel.

phase2 selector route is down.

or shall i do i reset to bring up the tunnel.

amuda · ‎08-13-2024

Hi @yeowkm99 ,

You may run ike debug to check what happened.

ref- https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955

Amerul
APAC TAC

View solution in original post

ozkanaltas · ‎08-12-2024

Hello @yeowkm99 ,

Do you have two phase 2 configurations in the ipsec configuration? If you say yes, you can remove the second phase 2 configuration from the tunnel configuration. Or if you want to bring up this second phase 2 network, you need to add this network on the remote side also.

If it possible, can you share the ipsec phase 2 configuration with us?

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

hhasny · ‎08-13-2024

Hi @yeowkm99 ,

Are they both Fortigate firewalls?

Try checking both end if the phase2 selector matches first.

regards,

amuda · ‎08-13-2024

Hi @yeowkm99 ,

You may run ike debug to check what happened.

ref- https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955

Amerul
APAC TAC

jiyong · ‎08-13-2024

Hi @yeowkm99 ,

Please check command result below.

# diag debug console timestamp enable
# diag debug application ike -1
# diag debug enable

Regards,

Jiyong

IPsec tunnel shows tunnel is down

Nominate a Forum Post for Knowledge Article Creation