Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
stanjdavis
New Contributor

Timeouts over new IPsec Tunnel

Hi, we currently have 3 branches connected over IPsec tunnels, with two of our branches using FortiWiFis (60D and 60E) and another one using a Sonicwall appliance. We are adding another tunnel to a company in Germany which is using a Fritz!Box 6490 Cable appliance. All branches have 100+ Mbps Internet connections, and the IPsec tunnels between each of our existing locations are fast and have no issues.

I created an IPsec tunnel between the FortiGate in our main office and the Fritz!Box in Germany, and the tunnel shows as "up" and successfully connected in both routers, but when doing a ping scan of the main network using Advanced IP Scanner from Germany, the traffic logs in the FortiGate cloud first show timeouts, and then show that it was accepted, but nothing ever comes across. Any other types of transmissions over other protocols don't work either.

I have access policies created to allow all between the tunnel (for now) and created a static route matching the other IPsec tunnels (modified for their subnet), and everything is really fast over SSL VPN connections. Is there anything else I'm missing or something I should check in this instance?

Thanks!
ede_pfau
Esteemed Contributor III

IMHO a FritzBox is home equipment and should not be used for company purposes. IPsec VPN support is feeble, overall stability is weak, you will need frequent reboots. I still remember that they couldn't even get modem mode stable. IMHO do yourself a favor and get a decent firewall/modem combo, like Fortinet + Draytek|Zyxel for VDSL.

 

Spending a couple of hours trying to debug this will easily cover the higher cost for professional equipment.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
stanjdavis

Thanks, yeah, I was thinking the same thing and was surprised that they even had the IPsec tunnel available for the device, but it was inherited, so I figured I'd do due diligence to see if I could get it to work without having to buy something else.
