Hello everyone,
I have a strange behaviour with one of our S2S IPsec tunnels.
First things first: Tunnel Phase 1 and Phase 2 are up. Routing and policies are configured. Everything is working fine.
Then every other day one of the remote networks is not reachable anymore (the logs show that the FortiGate is sending the traffic into the tunnel, but no packet is coming back as an answer).
This network is then not reachable for exactly one hour (the Phase 2 key lifetime), and then everything works again.
To me it looks like the FortiGate in these cases is not able to negotiate the SA with the remote gateway correctly. On the remote site there is a Check Point firewall.
I have not yet been able to get a deeper look at what happens in those cases under the hood, because mostly everything is back to normal as soon as I'm connected to the FortiGate.
Maybe one of you knows this behaviour and can tell me what the cause of this could be.
Thank you very much in advance!
Hi,
Is your IPsec bound to a loopback interface on the FortiGate? If so, please make sure you have an IPv4 policy to allow traffic between the loopback and the WAN interface. It would be easier if you could share with us the Phase 1 and Phase 2 configuration of the tunnel in question.
Other useful output would be:
# diag vpn ike log-filter name (phase1 name of the tunnel)
# diag debug app ike -1
# diag debug enable
Best regards,
Vasil
Thank you for your answer!
I think I found the problem...
I just saw 5 minutes ago that there are a lot of ESP errors. But only on this one VPN tunnel. All the other tunnels are working fine without any errors.
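To make the timing in the original post concrete (an outage that begins at a rekey and lasts exactly one Phase 2 key lifetime, with ESP errors only on that tunnel), here is an added simulation. It is not code from the thread, from FortiOS or from Check Point, and it does not claim to be the root cause: it models one mechanism consistent with those symptoms, a child SA rekey after which the two gateways hold different keys for the new SA pair, so every ESP packet on that pair fails the integrity check until the next hard-lifetime rekey replaces it. The peer names, SPIs, the 3600 s lifetime, the toy "ICV" and the 60 s traffic interval are all assumptions.

```python
"""Toy model of IPsec Phase 2 (child SA) rekeying in which one rekey produces a
key mismatch, showing why such an outage lasts exactly one key lifetime.
Added illustration only: not FortiGate or Check Point behaviour or code."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LIFETIME = 3600   # Phase 2 key lifetime in seconds (assumed: one hour, as in the post)
STEP = 60         # simulated traffic interval in seconds (assumed)


@dataclass
class ChildSA:
    """One direction of a child SA: its SPI and the key derived for it."""
    spi: int
    key: bytes
    installed_at: int

    def expired(self, now: int) -> bool:
        return now >= self.installed_at + LIFETIME


@dataclass
class Peer:
    name: str
    inbound: Dict[int, ChildSA] = field(default_factory=dict)  # SPI -> SA we decrypt with
    outbound: Optional[ChildSA] = None                          # SA we encrypt with
    esp_errors: int = 0                                         # unknown SPI or bad ICV

    def install(self, outbound: ChildSA, inbound: ChildSA) -> None:
        # A hard-lifetime rekey replaces the old SA pair outright in this model.
        self.inbound = {inbound.spi: inbound}
        self.outbound = outbound

    def encrypt(self, payload: bytes) -> Tuple[int, bytes, bytes]:
        # Toy ESP: the "ICV" is a truncated hash over key and payload (not real ESP).
        icv = hashlib.sha256(self.outbound.key + payload).digest()[:8]
        return self.outbound.spi, payload, icv

    def receive(self, spi: int, payload: bytes, icv: bytes) -> bool:
        sa = self.inbound.get(spi)
        if sa is None or hashlib.sha256(sa.key + payload).digest()[:8] != icv:
            self.esp_errors += 1   # what a gateway would count as an ESP error
            return False
        return True


def rekey(initiator: Peer, responder: Peer, now: int, n: int, broken: int) -> None:
    """Negotiate child SA pair number n. If n == broken, the responder ends up
    with a different key than the initiator (modelled key mismatch), so every
    ESP packet on that pair fails the integrity check on both sides."""
    spi_i, spi_r = 0x1000 + n, 0x2000 + n   # initiator's / responder's inbound SPI (constructed)
    key = hashlib.sha256(b"shared-secret-%d" % n).digest()
    initiator.install(ChildSA(spi_r, key, now), ChildSA(spi_i, key, now))
    rkey = hashlib.sha256(b"mismatch-%d" % n).digest() if n == broken else key
    responder.install(ChildSA(spi_i, rkey, now), ChildSA(spi_r, rkey, now))


def simulate(broken_rekey: int = 2,
             duration: int = 4 * LIFETIME) -> Tuple[List[Tuple[int, int]], int, int]:
    """Run bidirectional traffic across the tunnel; return the (start, end)
    outage windows and the ESP error counts seen by each side."""
    fgt, cp = Peer("FortiGate"), Peer("CheckPoint")
    rekeys = 0
    rekey(fgt, cp, 0, rekeys, broken_rekey)
    outages: List[Tuple[int, int]] = []
    down_since: Optional[int] = None
    for now in range(0, duration, STEP):
        if fgt.outbound.expired(now):        # hard lifetime reached: rekey
            rekeys += 1
            rekey(fgt, cp, now, rekeys, broken_rekey)
        fwd = cp.receive(*fgt.encrypt(b"request"))
        rev = fgt.receive(*cp.encrypt(b"reply"))
        ok = fwd and rev
        if not ok and down_since is None:
            down_since = now
        elif ok and down_since is not None:
            outages.append((down_since, now))
            down_since = None
    return outages, fgt.esp_errors, cp.esp_errors


if __name__ == "__main__":
    windows, fgt_err, cp_err = simulate()
    for start, end in windows:
        print(f"outage {start}s-{end}s, lasted {end - start}s (lifetime {LIFETIME}s)")
    print(f"ESP errors: FortiGate={fgt_err} CheckPoint={cp_err}")
```

With the default parameters the second rekey (at 7200 s) is the broken one, the single outage runs from 7200 s to 10800 s, i.e. exactly one LIFETIME, and both peers accumulate ESP errors only during that window. The practical takeaway is the check to run on the real devices: compare the SA lifetime, SPIs and proposal on both gateways right after a rekey (the `diag vpn ike` debug suggested above on the FortiGate, and the equivalent on the Check Point side), because a pair the two sides disagree on will keep failing until the next rekey replaces it.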
Copyright 2024 Fortinet, Inc. All Rights Reserved.