Re: Newly Created IPsec Tunnels Not Functioning

rharms_tarc · 05-01-2025

I just finished creating a large number of site-to-site IPsec tunnels (approx. 170) using the CLI, but most of them don't seem to be functioning. Only six or eight of them have ever come up and connected. I can see all of them in the gui, and in a ba...

rharms_tarc · 04-15-2025

We have two WAN links from two different ISPs coming into our active/passive HA pair of FortiGate 300Es running v7.4.7 build2731 (Mature). Currently there is no aggregation or load balancing in place. They are just two separate circuits, and one isn'...

rharms_tarc · 03-19-2025

For some quick background, I'm trying to establish IPsec VPN tunnels with a fleet of transit buses to allow access to some on-prem servers at our headquarters. Each bus has a non-FortiGate cellular router using the same 192.168.x.0/24 internal subnet...

rharms_tarc · 02-26-2025

Working on a project that is going to involve around 150 site-to-site IPsec tunnels. Near end is a FortiGate 300E. Remote ends are Digi TX64 cellular routers installed on transit buses. IPsec setup is straightforward enough. The issue is all of the b...

rharms_tarc · 02-20-2025

I'm working on setting up an IPSEC VPN tunnel between a remote cellular router (Digi TX64) and the FortiGate 300E at our headquarters. I've got the tunnel up and stable, but can't seem to get traffic to flow properly. If I run a ping from a device be...

rharms_tarc · 05-02-2025

I found the solution to my issue. It turned out to be that the VPN module wasn't querying DNS to get the correct IP for the dynamic DNS. The solution was to change the remote gateway FQDN on the tunnel to a different domain for a moment and then chan...

rharms_tarc · 04-17-2025

Right, but I'm not trying to ping anything on VLAN 2001. I'm trying to ping the aggregated FortiGate interface that is attached to channel-group 1 on the Cisco switch. From the CLI on the switch, I can ping the non-aggregated FortiGate interface that...

rharms_tarc · 04-17-2025

spanning-tree mode rapid-pvstspanning-tree loopguard defaultspanning-tree portfast defaultspanning-tree portfast bpduguard defaultspanning-tree extend system-id!vlan internal allocation policy ascending!vlan 106name MGMT_VLAN!vlan 2001name ISP1_LUMEN...

rharms_tarc · 04-17-2025

I verified that the Catalyst also sees everything with the port channels as being good: ISP_2960G_SW1#show lacp internalFlags: S - Device is requesting Slow LACPDUsF - Device is requesting Fast LACPDUsA - Device is in Active mode P - Device is in Pas...

rharms_tarc · 04-17-2025

I tried changing the lacp mode setting to static. It caused all of the port-channel ports on the Cisco switch to drop from status bndl to status indep. I had to change the port-channel configs from mode "active" to mode "on" to get the port-channels ...

User Statistics

User Activity

Newly Created IPsec Tunnels Not Functioning

802.3ad Aggregation Link Is Up But Won't Respond

VPN Traffic Only Works One Direction

Method to Determine Route Prior to DNAT

VPN Traffic Not Leaving FortiGate