good morning friends.
I have configured an IPsec tunnel on my FW, however at first it was UP, after a few minutes the tunnel went down. The tunnel was raised manually then it fell in a few minutes and so on. What could be the problem? It has been validated that both computers have the same configuration.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @unknown1020
Please run the IKE debug command while the issue is happening and check the output:
# diagnose debug reset
# diagnose vpn ike log-filter dst-addr4 <Remote_Peer_IP>
# diagnose debug application ike -1
# diagnose debug console timestamp enable
# diagnose debug enable
To disable :
# diagnose debug disable
# diagnose debug reset
For more details follow the KB step-by-step - > https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Troubleshooting-IPsec-Site-to-Site-T...
Best regards,
Erlin
Friends, I managed to raise my tunnel, however when I ping the remote IP I have no response, what could be the problem?
Hello, kindly make sure the below options are configured to make sure tunnel remains up:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-the-IPSec-auto-negotiate-and-keepali...
Hello @unknown1020
Also check Dead Peer Detection setting on both sides.
Make sure it is set to 'On Demand'
Regards,
Varun
Do a continuous ping to the remote IP address to make sure that it is remaining up, and also change the mode to aggressive.
config vpn ipsec phase1-interface
edit <name>
set mode [aggressive|main]
Article Reference:
---------------------------------
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1631 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.