Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
YuChow
New Contributor II

Sovled:FEC not enabled for IPSEC(Update:Not works for dialup mode)

I already followed the official document to set ipsec phase1 and firewall policy,the server side still can't enable.But on the client side,fec enabled and working.System is fortigate 7.4.1 and licensed.

this is debug log:
3GBZykN2sRblDaS

 


and this is my config:
En7vbS4sUFIWt3V

 


TSxPkduGpVIc96t

 


But on the other side.the client,FEC is enabled and working.
This is debug log:
BM9tpmfoDlH8UeX

 


and this is my config:
tac4IEDNXmzP3Fb

 


Z2kM8frgjzTbtGV

 

1 Solution
YuChow
New Contributor II

Solved,dial up mode server will generate other one tunnel.Like name_0,name_1,etc.So need use "diagnose vpn tunnel fec name_0",not "diagnose vpn tunnel fec name" to check logs.

View solution in original post

6 REPLIES 6
hbac
Staff
Staff

Hi @YuChow

 

Can you provide the output of the following commands: 

 

diagnose vpn tunnel list

show vpn ipsec fec 

 

Regards, 

YuChow
New Contributor II

@hbac 

111.png

 

122.png

 

123.png

 

321.png

 

YuChow
New Contributor II

and my net packet loss always about 10%.

YuChow
New Contributor II

I have test if use p2p with out NAT in a local test.FEC works.The FEC not works when one side behind NAT?

1.png

 

2.png

YuChow
New Contributor II

Local test,using dialup mode.Server(NGF-1) side fec enabled=0,not works.

3.png

 

YuChow
New Contributor II

Solved,dial up mode server will generate other one tunnel.Like name_0,name_1,etc.So need use "diagnose vpn tunnel fec name_0",not "diagnose vpn tunnel fec name" to check logs.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors