Hello people, I have an issue with my VPN interfaces, which are under the SD-WAN on my Spoke side. Sometimes a VPN interface (it's not a fixed interface) no longer handles any traffic, but it stays up. I have the following environment:
| Spoke_Side | HUB_Side ( Dialup Server ) |
|---|---|
| DC_WAN1xVPN1 IP 10.231.0.179/23 | Connect TO DIALUP_VPN1 IP 10.231.1.254 |
| DC_WAN1xVPN2 IP 10.231.2.179/23 | Connect TO DIALUP_VPN2 IP 10.231.3.254 |
| DC_WAN2xVPN3 IP 10.231.4.179/23 | Connect TO DIALUP_VPN3 IP 10.231.5.254 |
| DC_WAN2xVPN4 IP 10.231.6.179/23 | Connect TO DIALUP_VPN3 IP 10.231.7.254 |
I need to keep all these VPNs UP and passing traffic through them, but sometimes, for example, DC_WAN2xVPN3 stays UP but does not handle any traffic, not even a ping from this interface DC_WAN2xVPN3 10.231.4.179 to DIALUP_VPN3 IP 10.231.5.254.
Any tips about this issue are welcome.
Attached are the screenshots from the time of the issue.
Below is my VPN configuration from the HUB side ( Dialup Server VPN ) for DIALUP_VPN3 and DIALUP_VPN4:
```
config vpn ipsec phase1-interface
    edit "DIALUP_VPN3"
        set type dynamic
        set interface "INTERNET-EQX"
        set ip-version 4
        set ike-version 1
        set local-gw X.X.X.X
        set keylife 86400
        set authmethod psk
        set mode aggressive
        set peertype dialup
        set net-device disable
        set exchange-ip-addr4 0.0.0.0
        set exchange-ip-addr6 ::
        set mode-cfg disable
        set proposal 3des-md5 aes128-md5
        set add-route disable
        set localid ''
        set localid-type auto
        set negotiate-timeout 30
        set fragmentation enable
        set ip-fragmentation post-encapsulation
        set dpd disable
        set forticlient-enforcement disable
        set comments ''
        set npu-offload enable
        set dhgrp 14 5
        set suite-b disable
        set wizard-type custom
        set xauthtype pap
        set reauth disable
        set authusrgrp "GRPXXX"
        set idle-timeout disable
        set ha-sync-esp-seqno enable
        set auto-discovery-sender enable
        set auto-discovery-receiver disable
        set auto-discovery-forwarder disable
        set nattraversal forced
        set rekey enable
        set enforce-unique-id disable
        set default-gw 0.0.0.0
        set default-gw-priority 0
        set usrgrp "GRPXXXX"
        set tunnel-search nexthop
        set distance 15
        set priority 0
    next
    edit "DIALUP_VPN4"
        set type dynamic
        set interface "INTERNET-MGT"
        set ip-version 4
        set ike-version 1
        set local-gw Y.Y.Y.Y
        set keylife 86400
        set authmethod psk
        set mode aggressive
        set peertype dialup
        set net-device disable
        set exchange-ip-addr4 0.0.0.0
        set exchange-ip-addr6 ::
        set mode-cfg disable
        set proposal 3des-md5 aes128-md5
        set add-route disable
        set localid ''
        set localid-type auto
        set negotiate-timeout 30
        set fragmentation enable
        set ip-fragmentation post-encapsulation
        set dpd disable
        set forticlient-enforcement disable
        set comments ''
        set npu-offload enable
        set dhgrp 14 5
        set suite-b disable
        set wizard-type custom
        set xauthtype pap
        set reauth disable
        set authusrgrp "GRPXXXX"
        set idle-timeout disable
        set ha-sync-esp-seqno enable
        set auto-discovery-sender enable
        set auto-discovery-receiver disable
        set auto-discovery-forwarder disable
        set nattraversal forced
        set rekey enable
        set enforce-unique-id disable
        set default-gw 0.0.0.0
        set default-gw-priority 0
        set usrgrp "GRPXXXX"
        set tunnel-search nexthop
        set distance 15
        set priority 0
    next
end
```
```
config vpn ipsec phase2-interface
    edit "DIALUP_VPN3" <---
        set phase1name "DIALUP_VPN3" <---
        set proposal 3des-md5 aes128-md5
        set pfs enable
        set ipv4-df disable
        set dhgrp 14 5
        set replay enable
        set keepalive disable
        set add-route phase1
        set auto-discovery-sender phase1
        set auto-discovery-forwarder phase1
        set keylife-type seconds
        set single-source disable
        set route-overlap use-new
        set encapsulation tunnel-mode
        set comments ''
        set protocol 0
        set src-addr-type subnet
        set src-port 0
        set dst-addr-type subnet
        set dst-port 0
        set dhcp-ipsec disable
        set keylifeseconds 43200
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
    edit "DIALUP_VPN4" <---
        set phase1name "DIALUP_VPN4" <---
        set proposal 3des-md5 aes128-md5
        set pfs enable
        set ipv4-df disable
        set dhgrp 14 5
        set replay enable
        set keepalive disable
        set add-route phase1
        set auto-discovery-sender phase1
        set auto-discovery-forwarder phase1
        set keylife-type seconds
        set single-source disable
        set route-overlap use-new
        set encapsulation tunnel-mode
        set comments ''
        set protocol 0
        set src-addr-type subnet
        set src-port 0
        set dst-addr-type subnet
        set dst-port 0
        set dhcp-ipsec disable
        set keylifeseconds 43200
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
```
Below is the configuration from the Spoke side for DC_WAN2xVPN3 and DC_WAN2xVPN4:
```
    edit "DC_WAN2xVPN3"
        set type ddns
        set interface "wan1"
        set ip-version 4
        set ike-version 1
        set local-gw 0.0.0.0
        set keylife 86400
        set authmethod psk
        set mode aggressive
        set peertype any
        set passive-mode disable
        set exchange-ip-addr4 0.0.0.0
        set exchange-ip-addr6 ::
        set mode-cfg disable
        set proposal 3des-md5 aes128-md5
        set add-route enable
        set localid "loja1169_vpn1"
        set localid-type auto
        set auto-negotiate enable
        set negotiate-timeout 30
        set fragmentation enable
        set dpd on-idle
        set forticlient-enforcement disable
        set comments ''
        set npu-offload enable
        set dhgrp 14 5
        set suite-b disable
        set wizard-type custom
        set xauthtype client
        set reauth disable
        set authusr "loja1169_vpn1"
        set authpasswd
        set idle-timeout disable
        set ha-sync-esp-seqno enable
        set auto-discovery-sender enable
        set auto-discovery-receiver enable
        set auto-discovery-forwarder disable
        set encapsulation none
        set nattraversal forced
        set rekey enable
        set remotegw-ddns "X.X.X.X"
        set monitor ''
        set add-gw-route disable
        set psksecret
        set dpd-retrycount 3
        set dpd-retryinterval 60
    next
    edit "DC_WAN2xVPN4"
        set type ddns
        set interface "wan2"
        set ip-version 4
        set ike-version 1
        set local-gw 0.0.0.0
        set keylife 86400
        set authmethod psk
        set mode aggressive
        set peertype any
        set passive-mode disable
        set exchange-ip-addr4 0.0.0.0
        set exchange-ip-addr6 ::
        set mode-cfg disable
        set proposal 3des-md5 aes128-md5
        set add-route enable
        set localid "loja1169_vpn4"
        set localid-type auto
        set auto-negotiate enable
        set negotiate-timeout 30
        set fragmentation enable
        set dpd on-idle
        set forticlient-enforcement disable
        set comments ''
        set npu-offload enable
        set dhgrp 14 5
        set suite-b disable
        set wizard-type custom
        set xauthtype client
        set reauth disable
        set authusr "loja1169_vpn4"
        set authpasswd
        set idle-timeout disable
        set ha-sync-esp-seqno enable
        set auto-discovery-sender enable
        set auto-discovery-receiver enable
        set auto-discovery-forwarder disable
        set encapsulation none
        set nattraversal forced
        set rekey enable
        set remotegw-ddns "Y.Y.Y.Y"
        set monitor ''
        set add-gw-route disable
        set psksecret
        set dpd-retrycount 3
        set dpd-retryinterval 20
    next
```
```
config vpn ipsec phase2-interface
    edit "DC_WAN2xVPN3"
        set phase1name "DC_WAN2xVPN3"
        set proposal 3des-md5 aes128-md5
        set pfs enable
        set dhgrp 14 5
        set replay enable
        set auto-negotiate enable
        set auto-discovery-sender phase1
        set auto-discovery-forwarder phase1
        set keylife-type seconds
        set encapsulation tunnel-mode
        set comments ''
        set protocol 0
        set src-addr-type subnet
        set src-port 0
        set dst-addr-type subnet
        set dst-port 0
        set keylifeseconds 43200
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
    edit "DC_WAN2xVPN4"
        set phase1name "DC_WAN2xVPN4"
        set proposal 3des-md5 aes128-md5
        set pfs enable
        set dhgrp 14 5
        set replay enable
        set auto-negotiate enable
        set auto-discovery-sender phase1
        set auto-discovery-forwarder phase1
        set keylife-type seconds
        set encapsulation tunnel-mode
        set comments ''
        set protocol 0
        set src-addr-type subnet
        set src-port 0
        set dst-addr-type subnet
        set dst-port 0
        set keylifeseconds 43200
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
```
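Added example (not part of the original post and not Fortinet code): a small parser for the `config` / `edit` / `set` syntax quoted above that flags phase1 settings a reviewer would check on both sides, namely DPD state, IKEv1 aggressive mode with a PSK, and 3DES/MD5 proposals. The sample text is a constructed subset of the posted settings, and the finding labels are hypothetical.

```python
import re

# Constructed sample: a trimmed subset of the phase1 settings quoted in the post.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "DIALUP_VPN3"
        set authmethod psk
        set mode aggressive
        set proposal 3des-md5 aes128-md5
        set dpd disable
    next
    edit "DC_WAN2xVPN3"
        set authmethod psk
        set mode aggressive
        set proposal 3des-md5 aes128-md5
        set dpd on-idle
    next
end
"""

def parse_edits(text):
    """Return {edit name: {setting: [values]}} from edit/set/next blocks."""
    edits, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = edits.setdefault(m.group(1), {})
        elif line in ("next", "end"):
            current = None
        elif line.startswith("set ") and current is not None:
            key, *values = line.split()[1:]
            current[key] = [v.strip("\"'") for v in values]
    return edits

def audit(settings):
    """Return review findings (hypothetical labels) for one phase1 entry."""
    found = []
    if settings.get("dpd") == ["disable"]:
        found.append("dpd-disabled")  # this side does not probe peer liveness
    if settings.get("mode") == ["aggressive"] and settings.get("authmethod") == ["psk"]:
        found.append("aggressive-mode-psk")  # PSK-derived hash is open to offline guessing
    for proposal in settings.get("proposal", []):
        if "3des" in proposal or "md5" in proposal:
            found.append("weak-proposal:" + proposal)  # deprecated cipher or hash
    return found

def audit_config(text):
    """Audit every edit entry in the given config text."""
    return {name: audit(s) for name, s in parse_edits(text).items()}

if __name__ == "__main__":
    for name, found in audit_config(SAMPLE).items():
        print(name, found)
```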