Hi everyone.I have a question about IPsec phase 2 in FortiGate. I need
to create nearly 60 IPsec site-to-site tunnels. At the center site, we
have 8 different subnets. Is it better to create a separate Phase 2 for
each subnet or use 0.0.0.0/0 as the ...
Hi everyone.I need to create two phase2 interfaces for IPSec Remote
access to allow users to connect to two different subnets. I have
created phase 1 and phase 2 interfaces, but the VPN connection failed.
config vpn ipsec phase1-interfaceedit "IPsec_...
Thanks for respondingwhen I enabled ipv4-split-include I could ping just
one subnet addressI created a policy from the VPN connection toward
IPsec_Clients_split.
I removed set ipv4-split-include from Phase1-Interface, and now
everything is OK. Would you please tell me what the reason is?This is my
Configuration: config vpn ipsec phase1-interfaceedit "IPSec_Clients"set
type dynamicset interface "wan1"set local...
ike 0: no established IKE SA for exchange-type Informational from
xxx.xxx.xxx.179:500->xxx.xxx.xxx.72 7 cookie
ad8f4dccb37dd3ec/e48f5c1030aef594, dropike shrank heap by 4096 bytes
Hi ike 0: comes
xxx.xxx.xxx.179:500->xxx.xxx.xxx.72:500,ifindex=7,vrf=0....ike 0: IKEv1
exchange=Informational id=ad8f4dccb37dd3ec/e48f5c1030aef594:8aeb74a3
len=108 vrf=0ike 0: in
AD8F4DCCB37DD3ECE48F5C1030AEF594081005018AEB74A30000006CA19885F79AC9B5...
Hi ike 0: comes
xxx.xxx.xxx.179:500->xxx.xxx.xxx.72:500,ifindex=7,vrf=0....ike 0: IKEv1
exchange=Informational id=ad8f4dccb37dd3ec/e48f5c1030aef594:8aeb74a3
len=108 vrf=0ike 0: in
AD8F4DCCB37DD3ECE48F5C1030AEF594081005018AEB74A30000006CA19885F79AC9B5...
