Hello,
I need help debugging a VPN. A tunnel is established but no traffic is passed.
One end is a FG100, the other is a Netgear router. Both devices report the tunnel up but no traffic is passed. The Netgear is set up correctly because it was working with another Netgear before I replaced it with the Fortinet.
I opened a ticket with Fortinet support but no one has even looked at it in over 24 hours. I called in 2 times and after being on hold for over 1 hour I left a message. Nobody has called me back.
Below is some debug and config info from the Fortinet:
Unable to ping or trace the endpoint of the VPN tunnel.
Fortigate 100 shows the tunnel is up in the IPSEC status monitor, NAT is not enabled. The other side has a Netgear router that shows the VPN is also up. No traffic is being exchanged between the 2.
Here's some debug output:
Fortigate-100 # dia vpn tunnel list
tunnel[4]:lexmar2, gateway:69.2.xxx.xxx:500, hub=, option=0
eroute[2]:{[192.168.1.*]}->{[192.168.6.*]}
channel[2]:64.60.xxx.xxx,natt=0,state=2,keepalive=0,oif=3
sa[3]:mtu=1426, cur_bytes=14248, timeout=42623275
itdb[1]:mtu=1426, cur_bytes=0, cur_packets=0, spi=654321, replay=0
AES=33333300000000000000000000000000
iv=4e9f7f46c6ebf24bc993b95237746868
SHA1_HMAC=3333330000000000000000000000000000000000
otdb[1]:mtu=1426, cur_bytes=8704, cur_packets=99, spi=123456, replay=0
AES=33333300000000000000000000000000
iv=976b744e76b70ab2d6104d1d2c66fc56
SHA1_HMAC=3333330000000000000000000000000000000000
Fortigate-100 #
Fortigate-100 # show vpn ipsec manualkey lexmar2
config vpn ipsec manualkey
edit "lexmar2"
set authentication sha1
set encryption aes128
set gateway 69.2.xxx.xxx
set localspi 0x654321
set remotespi 0x123456
set authkey 'ENC U59SU23atT+16QcTD14OS7I2lPVUhzfXQnL/grFBG+5HaRkQVCjBOOCOjsj+iUGn5lpi8QF9QAiTbmhiHwfNhqURqbU3aAIFYlsKu7aiEX4eEcNJ'
set enckey 'ENC RgQfCZtIm6n+WSFkgCVMbW4hQS+RVUESsRxN8G9RBR4jQOBEJN4JXSuZKPu2Wkn6waD3hwV3OcG0qj8PfSZVKffIDSwKcofkW6bP8JdCsE/MmxKJ'
next
end
Fortigate-100 #
Fortigate-100 # diagnose vpn ipsec status
IPSec Status
tun=1,chan=1,ref=2, info=2,dialup=0,sa=1,tdb=2,ctx=0,snd=0,hub=0
3DES is using ASIC CP2.
DES is using ASIC CP2.
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 110
0 0 204662 0 0 0 0 0
Fortigate-100 #
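
Added example, not part of the original post: a small Python check that parses the itdb/otdb lines of the `dia vpn tunnel list` output above and compares them with the manual-key SPIs from the config. It assumes itdb and otdb are the inbound and outbound SAs and that `spi=` is printed in hex without the `0x` prefix; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the post's "dia vpn tunnel list" output.
SAMPLE = """\
tunnel[4]:lexmar2, gateway:69.2.xxx.xxx:500, hub=, option=0
eroute[2]:{[192.168.1.*]}->{[192.168.6.*]}
itdb[1]:mtu=1426, cur_bytes=0, cur_packets=0, spi=654321, replay=0
otdb[1]:mtu=1426, cur_bytes=8704, cur_packets=99, spi=123456, replay=0
"""

TDB_RE = re.compile(r"^(itdb|otdb)\[\d+\]:(.*)$")


def parse_tunnel_list(text):
    """Return {'itdb': {...}, 'otdb': {...}} with counters and SPI as ints."""
    sas = {}
    for line in text.splitlines():
        m = TDB_RE.match(line.strip())
        if not m:
            continue
        pairs = (kv.strip().split("=", 1) for kv in m.group(2).split(",") if "=" in kv)
        fields = dict(pairs)
        sas[m.group(1)] = {
            "bytes": int(fields["cur_bytes"]),
            "packets": int(fields["cur_packets"]),
            "spi": int(fields["spi"], 16),  # assumption: hex without 0x
        }
    return sas


def diagnose(sas, localspi, remotespi):
    """Compare SA state with the manualkey config and report what looks wrong."""
    if "itdb" not in sas or "otdb" not in sas:
        return ["itdb/otdb lines not found"]
    rx, tx = sas["itdb"], sas["otdb"]
    findings = []
    if rx["spi"] != localspi:
        findings.append("inbound SPI does not match localspi")
    if tx["spi"] != remotespi:
        findings.append("outbound SPI does not match remotespi")
    if tx["packets"] > 0 and rx["packets"] == 0:
        findings.append("one-way: packets sent, none received")
    elif tx["packets"] == 0 and rx["packets"] > 0:
        findings.append("one-way: packets received, none sent")
    elif tx["packets"] == 0 and rx["packets"] == 0:
        findings.append("no traffic in either direction")
    return findings
```

With the values from the post (`localspi 0x654321`, `remotespi 0x123456`) the SPIs match and the only finding is outbound-only traffic. With manual keys nothing is negotiated, so a tunnel shown as up says little; the next things to compare are the peer's SPIs, keys and algorithms, and whether ESP reaches this unit at all.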