I am configuring IPsec VPN on a FortiGate 60D with firmware version 5.4.1. I create the first tunnel (VPN1) and check the VPN connection. Everything is OK. I create a second one (VPN2) and both VPNs (VPN1 and VPN2) work. Then I create the third tunnel (VPN3) on the FortiGate. When I check the connections VPN1, VPN2 and VPN3, only the last one works (VPN3 (pass), VPN1 (failure), VPN2 (failure)). When I delete the last created VPN (VPN3), both VPNs (VPN1 and VPN2) work. How can I create more than two IPsec VPN tunnels?
Please write here the result of the following commands, but then create three VPNs.
dia debug app ike 255
dia debug en
You can create dozens of VPN tunnels, that's no problem. In your case the config of the 3rd tunnel contains some element which blocks the other tunnels, like a duplicate remote IP address, or identical Quick Mode selectors in phase2.
You should post (in text form) the phase1 and phase2 configs, then we'll see.
Output from the following cli cmd;
diag vpn tunnel list
diag vpn ike gateway
get router info routing all
Keep in mind you can create as many IPsec tunnels as the platform max matrix values. If you are on a dialup VPN, you can uniquely define these by a local-id per peer value set in the phase1 config.
Also, to add to ede, there is probably something else screwing up the other 2. I would not hesitate to add any routing issues if we are using a "route-based" VPN.
PCNSE
NSE
StrongSwan
Thank you for your response.
The problem is solved. The solution is proper usage of Peer ID on the fortigate gateway.
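Added example (not part of the thread and not Fortinet code): a small Python check for the two causes named in the replies above, phase1 entries that share the same type, remote gateway and peer ID, and phase2 entries with identical Quick Mode selectors. The sample config is constructed for illustration, and treating any such match as a conflict is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample, not the poster's config: three dialup tunnels, only VPN1 has a peer ID.
SAMPLE = """\
config vpn ipsec phase1-interface
    edit "VPN1"
        set type dynamic
        set peertype one
        set peerid "site1"
    next
    edit "VPN2"
        set type dynamic
    next
    edit "VPN3"
        set type dynamic
    next
end
config vpn ipsec phase2-interface
    edit "VPN2-p2"
        set src-subnet 10.0.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
    next
    edit "VPN3-p2"
        set src-subnet 10.0.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
    next
end
"""

def parse(text):
    """Return {section: {entry: {key: value}}} for each 'config ...' block."""
    out, sec, cur = defaultdict(dict), None, None
    for line in text.splitlines():
        tok = line.split(None, 2)
        if tok[:1] == ["config"]:
            sec = tok[-1].split()[-1]          # e.g. "phase1-interface"
        elif tok[:1] == ["edit"]:
            cur = out[sec].setdefault(line.split(None, 1)[1].strip('"'), {})
        elif tok[:1] == ["set"] and len(tok) == 3 and cur is not None:
            cur[tok[1]] = tok[2].strip('"')
    return out

def find_conflicts(text):
    """Groups of entry names whose matching criteria are indistinguishable."""
    cfg, groups = parse(text), defaultdict(list)
    for name, c in cfg["phase1-interface"].items():
        groups["p1", c.get("interface"), c.get("type", "static"), c.get("remote-gw"), c.get("peerid")].append(name)
    for name, c in cfg["phase2-interface"].items():
        groups["p2", c.get("src-subnet"), c.get("dst-subnet")].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

On the sample, `find_conflicts(SAMPLE)` reports VPN2/VPN3 and their phase2 entries as indistinguishable; giving each dialup phase1 its own peer ID clears the phase1 group.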
Copyright 2024 Fortinet, Inc. All Rights Reserved.