Log/Counter For VPN Tunnel Down?
Hello all. A lot of remote access IPsec clients see random phase2 down messages. I was wondering how I go about getting to the root cause of each phase2 down instance. I'd like to know if it was just due to DPD deciding FGT can't see the client for a period of time so it yanks the tunnel down, or whatever else might cause it. Usually when DPD's the culprit, I see log messages about it prior to the phase2 down message. Can anyone point me in the right direction?
If you happen to have some Fortinet logging device connected to your FGT, you could look into the VPN event log there.
Works fine here on our FortiManager.
[strike]If not you could only look at ipsec debug log on cli instead as I don't think that this is in standard event log.[/strike]
Correction: you see it on the FGT in the Log & Report menu under VPN events.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
I don't think the logs will be useful in telling you why a phase2 went down. Not sure what you're striving to get at. So many factors can determine why a VPN is disconnected, imho.
Ken Felix
PCNSE
NSE
StrongSwan
I see. Thank you. I've further familiarized myself with the P1 and P2 negotiation process since my last post and now have a better understanding of what either phase needs in order to successfully complete and then remain active. I believe my disconnects were largely due to DPD failures. I wonder if I can use Link Monitors on remote access VPNs.
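The correlation described in the question (DPD messages logged shortly before a phase2 down), as an added example that is not part of the original thread: it labels each phase2 down event in an exported VPN event log as DPD-related or not. The log lines are constructed, and the field names (`action`, `status`, `vpntunnel`, `remip`) and the 30-second window are assumptions to adjust to your own export.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in key=value form. Field names and values are
# assumptions; adjust them to match the log you actually export.
SAMPLE_LOG = '''\
date=2024-01-10 time=09:14:02 subtype="vpn" action="dpd" status="dpd_failure" vpntunnel="ra-vpn" remip=198.51.100.7
date=2024-01-10 time=09:14:03 subtype="vpn" action="phase2-down" vpntunnel="ra-vpn" remip=198.51.100.7
date=2024-01-10 time=11:40:10 subtype="vpn" action="phase2-down" vpntunnel="ra-vpn" remip=203.0.113.20
date=2024-01-10 time=12:05:00 subtype="vpn" action="dpd" status="dpd_failure" vpntunnel="ra-vpn" remip=198.51.100.7
date=2024-01-10 time=12:30:00 subtype="vpn" action="phase2-down" vpntunnel="ra-vpn" remip=198.51.100.7
'''

# key=value pairs, where the value is either "quoted" or a bare token
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict with a parsed timestamp."""
    rec = {key: quoted or bare for key, quoted, bare in KV.findall(line)}
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"],
                                  "%Y-%m-%d %H:%M:%S")
    return rec

def classify_phase2_down(log_text, window=timedelta(seconds=30)):
    """Label each phase2-down event 'dpd' if a DPD failure for the same
    tunnel and peer was logged within `window` before it, else 'other'.
    Lines are assumed to be in chronological order."""
    last_dpd = {}  # (tunnel, peer) -> time of the most recent DPD failure
    results = []
    for line in log_text.splitlines():
        if "date=" not in line or "time=" not in line:
            continue  # skip blank or non-event lines
        rec = parse_line(line)
        key = (rec.get("vpntunnel"), rec.get("remip"))
        if rec.get("action") == "dpd":
            last_dpd[key] = rec["ts"]
        elif rec.get("action") == "phase2-down":
            seen = last_dpd.get(key)
            by_dpd = seen is not None and timedelta(0) <= rec["ts"] - seen <= window
            results.append((rec["ts"].isoformat(sep=" "), key[1],
                            "dpd" if by_dpd else "other"))
    return results

if __name__ == "__main__":
    for when, peer, cause in classify_phase2_down(SAMPLE_LOG):
        print(when, peer, cause)
```

Events labelled `other` are the ones worth following up separately, since nothing in the preceding window points at DPD.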