hjboven
New Contributor

Status of Site to Site IPsec with multiple Phase 2 Selectors

Hi, we newly connected via IPsec VPN with multiple subnets on both sides.

I used the VPN Wizard to establish the VPN and the tunnel status shows up.

But of course this is only an indication of the whole, as multiple Phase 2 Selectors have been entered.

Most of it is working fine. But yes, you guessed it: 1 of the 9 subnets on my side is unreachable.

Is there a way to see the status of the individual Phase 2 Selectors?

1 Solution
emnoc
Esteemed Contributor III

Yes

diag vpn tunnel list

Scan through the output for each proxy-id and look at the SPI and bytes-sent/recv.

If you have an SPI value, then I would 1) check routing & fw policy and 2) the CLI cmd diag debug flow is your friend.

Check out

http://socpuppet.blogspot.com/2013/10/site-2-site-routed-vpn-trouble-shooting.html

 

PCNSE 

NSE 

StrongSwan  
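
The scan described in the accepted answer, as an added example that is not part of the original thread or of any Fortinet tooling: a Python parser that reads saved `diag vpn tunnel list` output and reports SPI and byte counters per proxy-id. The sample output and the `selector_status` helper are constructed for illustration, and the field layout is an assumption that can differ between FortiOS versions.

```python
import re

# Constructed sample modelled on `diag vpn tunnel list` output; the exact
# field layout is an assumption and can differ between FortiOS versions.
SAMPLE = """\
name=to-branch ver=1 serial=1 198.51.100.1:0->203.0.113.1:0
proxyid_num=2 child_num=0 refcnt=12 ilast=3 olast=3
proxyid=to-branch-p2-1 proto=0 sa=1 ref=2 serial=1
  src: 0:10.1.1.0/255.255.255.0:0
  dst: 0:10.2.0.0/255.255.0.0:0
  dec: spi=1a2b3c4d esp=aes key=16 <redacted>
  enc: spi=5e6f7a8b esp=aes key=16 <redacted>
  dec:pkts/bytes=120/9600, enc:pkts/bytes=118/9440
proxyid=to-branch-p2-2 proto=0 sa=0 ref=1 serial=1
  src: 0:10.1.9.0/255.255.255.0:0
  dst: 0:10.2.0.0/255.255.0.0:0
"""

def selector_status(text):
    """Return one dict per phase 2 selector (proxy-id) with its SA state."""
    selectors = []
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"proxyid=(\S+)", line):
            selectors.append({"name": m.group(1), "src": None, "dst": None,
                              "spi": {}, "dec_bytes": 0, "enc_bytes": 0})
            continue
        if not selectors:
            continue  # still in the phase 1 header lines
        cur = selectors[-1]
        if m := re.match(r"(src|dst): \d+:(\S+?):\d+$", line):
            cur[m.group(1)] = m.group(2)
        elif m := re.match(r"(dec|enc): spi=([0-9a-fA-F]+)", line):
            cur["spi"][m.group(1)] = m.group(2)
        elif m := re.match(r"dec:pkts/bytes=\d+/(\d+), enc:pkts/bytes=\d+/(\d+)", line):
            cur["dec_bytes"], cur["enc_bytes"] = int(m.group(1)), int(m.group(2))
    for s in selectors:
        if not s["spi"]:
            s["state"] = "down: no SPI, phase 2 not negotiated"
        elif s["dec_bytes"] == 0 or s["enc_bytes"] == 0:
            s["state"] = "up, one-way or idle: check routing and firewall policy"
        else:
            s["state"] = "up, passing traffic"
    return selectors

if __name__ == "__main__":
    for s in selector_status(SAMPLE):
        print(f'{s["name"]:16} {s["src"]} -> {s["dst"]}: {s["state"]}')
```
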
