Urgent help regarding IPSec site to site VPN

sohrab · ‎06-10-2015

Dear brother.

Hope you will be fine with good health. bro i am configuring ipsec site to site vpn on fortigate 60 D. i configured all steps according to documentation of fortigate, i am configuring in interface mode. all steps are correctly configured, i mean, first i configured phase 1, then phase 2, then defined addresses for my lan and for remote lan, and then i made 2 policies , one for my lan and other for remote lan, and then defined static rout for vpn traffic, and after all this when i went to ipsec moniter to check the vpn status, it is still down. i checked in log , there message shows, ipsec phase 1 negotiate success. then i checked the vpn status via debug ike1 command, so it shows me. phase 2 config found, request is on the queue.

i need urgent troubleshoot for this, sohrab.khaliq@gmail.com . this is my email address. i will be very very thank ful if you can solve my issue.

thank you in advance for your reply, awaiting anxiously. because i have to deploy it urgently.

Regards:

Toshi_Esumi · ‎06-10-2015

By assuming both sides are FG60Ds and you have access to both at the same time, what I would do in your situation is "diag sniffer packet any <the other side of public IP>" on both end if both are actually sending/receiving packets to/from the other end.

Then try "diag vpn ike log-f dst-addr4 <the otherr side of public IP>, diag debug app ike -1, diag debug ena" to see what part/phase is failing on which side.

Urgent help regarding IPSec site to site VPN

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website