unknown1020
New Contributor III

Tunnel IPSEC in FortiGate

Good morning, friends.

I have configured an IPsec tunnel on my FW. At first it was up, but after a few minutes the tunnel went down. The tunnel was raised manually, then it fell in a few minutes, and so on. What could be the problem? It has been validated that both computers have the same configuration.

esalija
Staff

Hi @unknown1020 

Please run the IKE debug command while the issue is happening and check the output:

# diagnose debug reset
# diagnose vpn ike log-filter dst-addr4 <Remote_Peer_IP>
# diagnose debug application ike -1
# diagnose debug console timestamp enable
# diagnose debug enable

To disable:

# diagnose debug disable
# diagnose debug reset

For more details, follow the KB step by step -> https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Troubleshooting-IPsec-Site-to-Site-T...

Best regards,

Erlin

unknown1020
New Contributor III

Friends, I managed to raise my tunnel; however, when I ping the remote IP I have no response. What could be the problem?


sahmed_FTNT
Staff

Hello, kindly make sure the options below are configured to make sure the tunnel remains up:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-IPSec-auto-negotiate-and-keepali...

Security all we want
vbandha
Staff

Hello @unknown1020 

Also check the Dead Peer Detection setting on both sides.

Make sure it is set to 'On Demand'.

https://community.fortinet.com/t5/FortiClient/Technical-Tip-Configuring-DPD-dead-peer-detection-on-I...

Regards,

Varun

salemneaz
Staff

Do a continuous ping to the remote IP address to make sure that it is remaining up, and also change the mode to aggressive.

config vpn ipsec phase1-interface
    edit <name>
        set mode [aggressive|main]
    next
end

Article Reference:

---------------------------------

https://docs.fortinet.com/document/fortigate/7.0.1/cli-reference/368620/config-vpn-ipsec-phase1-inte...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Differences-between-Aggressive-and-Main-mo...

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPN-Phase-1-Process-Aggressive...

 

Salem