18:29:41 is PST time(your device has PST time zone), not IST time zone. Here is what the issue started occurring today morning. Here's the fortinet TAC's logging info: Hi, If this was a bug we would have more of such cases here and elsewhere but i couldn't find any.
I am of the opinion though that this is something to do with hardware itself. The TAC has now declared this as a bug and tells me to wait till FortiOS 5.4.0 is released. When the ip is renewed the tunnel goes down and doesn't come up on its own for some reason. The wan interface has an static IP address but its through PPPoE, so i guess there's some sort of ip address renewal still happening even though the ip address which the wan interface gets is still the same and is static. Really appreciate any help towards what could be causing this. I could find only this one similar case on their forums, my branch side is already on 5.2.3 so the solution of updating to 5.2 which worked there won't work for me. Running debugging during the time of the issue on the branch 30D the initial out put is 21:44:34 ike 0:mandhana: could not locate phase1 configuration. Submitting logs to them is now a daily thing. I have a case locked with the fortigate TAC since then, it's over 2 months of submitting logs to them and no solution has been provided at all. The issue we're facing since day 1 is the tunnel works fine for the day but the next morning is down and does not come up on its own at all, until some minor change is made to the phase1 configuration on the branch side. auto-reconnect is also enabled on the branch side. I have an IPSEC VPN tunnel between two offices, the HQ is a fortigate 200B(os:v5.0,build0292 (GA Patch 9)) and the branch is fortigate 30D(os:5.2.3).īoth are now on static IPs.
0 kommentar(er)
