I opened a case today but would love to bounce this off the community. I have a 601f (7.0.11) that is the hub of my network. It currently has several site-to-site tunnels to my offices and I am adding a dial-up hub for my stores. When the spoke builds phase 2, the hub stops being able to pass traffic across any site-to-site tunnel. The bizarre piece is that the tunnels show up and events aren't generated showing the tunnels dropping. I can't even ping across them on the directly connected IP. There is nothing weird in the routing table either. As soon as I disable the dial-up tunnel on the spoke side, connectivity restores on all of my site-to-site tunnels. Is there some kind of limitation where you can't have site-to-site and dial-up tunnels on the same firewall?
Hi,
As you mentioned "events are generated showing the tunnels dropping", we need to check those, or debugs, to see why we are seeing drops.
Sorry, I mistyped after a very long working day. The tunnels "aren't dropping"; I edited my original post to reflect as much.
Copyright 2025 Fortinet, Inc. All Rights Reserved.