Anand_Narayana
Contributor

VPN tunnels go down when configured through Cisco PIX

Hi, I have configured an IPsec VPN between FG (interface mode) and PIX/ASA. The VPN tunnel works perfectly until the remote Cisco PIX/ASA is rebooted manually for some reason or there is an ISP fluctuation. After that, the VPN tunnel never comes up. So as a practice/temporary fix, I change the phase-1 interface from ISP-1 (wan1) to some other interface (port1), apply that setting, and revert the phase-1 interface back to ISP-1 (wan1) again. The tunnel comes up. This never occurs between FG and FG. It occurs only when FG is on one side and Cisco PIX/ASA is on the other end. Any idea?

Anand

rwpatterson
Valued Contributor III

You could add through the CLI in IPsec phase 2 "set auto-negotiate enable". This will attempt to keep the tunnel up if it drops. Not sure if that will work, but worth a try.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Anand_Narayana
Contributor

Thanks for the reply, Bob. I have applied that setting. Let me wait for an ISP fluctuation to occur and then I will update this post :)

Anand

Anand_Narayana
Contributor

No luck by setting "set auto-negotiate enable".

Anand

rwpatterson

What firmware version is the FGT running?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Anand_Narayana
Contributor

I use Fortigate-310B 3.00-b5469(MR7)

Anand

rwpatterson

If I recall there was an issue with VPNs in that version. It may be as simple as a firmware upgrade to fix your problem.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Anand_Narayana
Contributor

Thanks. I will try uploading the firmware "FGT_310B-v300-build0737-FORTINET.out" sometime during next week when I get some downtime. But I also just wanted to inform you that this problem occurs even with the latest version v4.0,build0194,100121 (MR1 Patch 3).

Anand

rwpatterson

I have yet to go that high. I haven't read or experienced any issues up there myself. Good luck. Keep us posted.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
