IPsec with duplicated phase 2 selector
Hi Community,
We have a FortiGate VM with an IPsec tunnel. The tunnel is up, but in the IPsec Monitor it shows the phase 2 selector twice (same name, one up, one down). Also via SNMP we get information for two phase 2 selectors with the same name.
We tried to recreate phase 2, reboot the FortiGate and recreate the complete IPsec tunnel. It still shows the phase 2 selector twice.
Did somebody have a similar behavior in the past?
Hello
Check the phase 2 selectors of both FGs; source and destination may mismatch. In that case the first tunnel attempt fails and shows the tunnel down before re-establishing the tunnel.
Thanks for this information. On the other side there was an IP address in phase 2 and on our side there was the subnet configured. We changed it from subnet to the IP address and phase 2 is now shown once.
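The check suggested in this thread, as an added example that is not part of the original posts: a small Python script that compares the phase 2 selectors of two peers and reports when one side uses a subnet where the other uses a single IP address. The function names, the dictionary layout and the addresses (documentation ranges) are constructed for illustration; the selector values would be copied by hand from each FortiGate's phase 2 configuration.

```python
import ipaddress

def parse_selector(text):
    """Accept a host ('192.0.2.10') or a subnet ('192.0.2.0/24')."""
    return ipaddress.ip_network(text.strip(), strict=False)

def compare(a, b):
    """Classify how selector a relates to selector b."""
    if a.version != b.version:
        return "disjoint"
    if a == b:
        return "match"
    if a.subnet_of(b):
        return "narrower"   # a is a host/smaller subnet inside b
    if b.subnet_of(a):
        return "wider"      # a is a subnet that contains b
    return "disjoint"

def check_phase2(local, remote):
    """The local source must mirror the remote destination and vice versa.

    Returns a list of (local_field, local_value, remote_field, remote_value,
    relation) tuples for every pair that is not an exact match.
    """
    findings = []
    for mine, theirs in (("src", "dst"), ("dst", "src")):
        rel = compare(parse_selector(local[mine]), parse_selector(remote[theirs]))
        if rel != "match":
            findings.append((mine, local[mine], theirs, remote[theirs], rel))
    return findings

# Constructed sample values reproducing the situation in the thread:
# our side has a subnet configured, the other side a single IP address.
LOCAL_BEFORE = {"src": "192.0.2.0/24", "dst": "198.51.100.0/24"}
REMOTE = {"src": "198.51.100.0/24", "dst": "192.0.2.10"}
# After the fix described in the last post (subnet changed to the IP address).
LOCAL_AFTER = {"src": "192.0.2.10", "dst": "198.51.100.0/24"}

if __name__ == "__main__":
    for label, local in (("before", LOCAL_BEFORE), ("after", LOCAL_AFTER)):
        issues = check_phase2(local, REMOTE)
        print(label, "->", issues if issues else "selectors mirror each other")
```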