Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TheDude
New Contributor II

Created on ‎10-30-2015 07:33 AM

Site to Site VPN status down

This is not my strongest area but it is the its the task at hand..

Main office 100D v5.2.2

Branch 60D v5.2.2

Followed instructions from video to create a site to site. Went to VPN/Monitor/IPSec Monitor and it shows the status as down. Any guidance would be greatly appreciated. 

16188
0 Kudos
1 Solution
TheDude
New Contributor II
In response to ede_pfau

Created on ‎10-30-2015 09:31 AM

https://www.youtube.com/watch?v=sZC0AldHi34

 

I have been going through them line by line and look identical. After completing the wizard, the phase 2 selectors were all zeros. I've manually set them to the correct addresses and it made no difference.

View solution in original post

6135
0 Kudos
8 REPLIES 8
rwpatterson
Valued Contributor III

Created on ‎10-30-2015 09:16 AM

Have you created the policies as well? Without them the tunnel will never come up.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
6100
0 Kudos
TheDude
New Contributor II
In response to rwpatterson

Created on ‎10-30-2015 09:23 AM

It built them automatically. 

 

6100
0 Kudos
gschmitt
Valued Contributor
In response to TheDude

Created on ‎11-01-2015 11:11 PM

TheDude wrote:

It built them automatically.

Did you use the "FGT to FGT" template? That should create nearly everything automatically, so I would assume a Quick Mode mismatch 

6101
0 Kudos
AtiT
Valued Contributor
In response to gschmitt

Created on ‎11-01-2015 11:55 PM

Hi,

Did you set the routing to the VPN interface?

AtiT

AtiT
6101
0 Kudos
TheDude
New Contributor II
In response to AtiT

Created on ‎11-02-2015 06:15 AM

I did use the FGT-FGT template. Ran the commands suggested by ede_pfau and see that its trying to use my modems provided subnet which does not match what the fortigate gives out. Assuming I need to bridge the modem.

6100
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to rwpatterson

Created on ‎10-30-2015 09:29 AM

From "video"...there are hundreds I guess. Link? So that we can check what you've configured yet.

 

In my experience it's almost always the last 1% of the config which doesn't match - PSK, ph1 settings, ph2 settings, Quick mode selectors. Once you have it 100 % identical on both sides it snaps OK.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
6100
0 Kudos
TheDude
New Contributor II
In response to ede_pfau

Created on ‎10-30-2015 09:31 AM

https://www.youtube.com/watch?v=sZC0AldHi34

 

I have been going through them line by line and look identical. After completing the wizard, the phase 2 selectors were all zeros. I've manually set them to the correct addresses and it made no difference.

6136
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to TheDude

Created on ‎11-01-2015 10:46 AM

In Dashboard > Console, please enter the following and post the (text) output from both FGTs here:

diag deb ena

diag deb app ike -1 Stop output by hitting Ctrl-C. This will debug the initial part of the VPN buildup (namely phase1). Hopefully you don't have a lot of VPNs on these FGTs...

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
6100
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.