S2S VPN VMWARE Edge
Hello everyone,
I have the following problem:
On the FortiGate, a couple of S2S VPNs are set up to a VMware Edge firewall.
One S2S VPN is interrupted about every 45-48 min, but only for 2-3 seconds.
Phase 1 goes down and phase 2 goes down, but both come right back up.
The other VPNs, configured exactly the same, do not have this problem.
Does anyone know of such problems?
Thanks for your help
Hello,
I would recommend checking the VPN logs and the IKE debug traces on the FortiGate side once the issue is triggered.
diagnose debug application ike -1
diagnose debug enable
Normally the phase 2 timer is 60 min by default, so rekeying should happen 2 min before that, but phase 1 should not go down.
Can you please let me know how you are verifying that phase 1 actually went down?
Also, as my colleague requested, please share the IKE debug; it will help us find more information.
Hello
Yes, phase 1 also goes down but comes right back up.
I think I have fixed the problem.
I have set the key lifetime down to 30 min. Since I did this, the tunnel has no longer gone down.
It was a problem on the part of VMware Edge.