Ipsec Meraki X Fortigate

Luana

Could someone please help me?

I have Meraki IPsec VPN and a Fortigate configured and working, but after a few hours, for example 12 hours, it crashes and stops working. It only starts working again if I restart Meraki or Fortigate.

Thank you

alemabrahao

Please ensure the phase 2 lifetimes are equal on both ends of the tunnel whenever possible. While MXs can sometimes honor a shorter phase 2 lifetime if they're acting in response to build a tunnel, they cannot while serving as the initiator of the tunnel.

Phase 1 (IKE): 28800 seconds (8 hours)
Phase 2 (IPsec): 3600 seconds (1 hour)

Fortigate often uses similar defaults, but if they differ, the tunnel may drop after one side expires the SA and the other doesn’t rekey properly.
Make sure both devices have the same lifetimes for Phase 1 and Phase 2.


If DPD is disabled or misconfigured, the tunnel may stay in a “dead” state after one side loses connectivity.
On FortiGate, set DPD to enabled.

https://community.fortinet.com/t5/FortiClient/Technical-Tip-Configuring-DPD-dead-peer-detection-on-I...


On Meraki, DPD is enabled by default, but verify under VPN settings.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
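As an added example, not from either poster, here is a FortiGate CLI fragment that pins the phase 1 and phase 2 lifetimes to the Meraki values quoted above and turns on DPD. It assumes a current FortiOS release where DPD is configured with `on-demand`/`on-idle` (the newer spelling of the older `set dpd enable`); the tunnel names, proposal and DPD retry values are assumed, not taken from the thread.

```text
# FortiGate CLI (example only; "to-meraki" and the retry values are assumed)
# FortiOS defaults are 86400 s for phase 1 and 43200 s for phase 2, so
# leaving them unset is exactly the lifetime mismatch described above.
config vpn ipsec phase1-interface
    edit "to-meraki"
        # Phase 1 (IKE) lifetime: 28800 s = 8 hours, matching the Meraki default
        set keylife 28800
        # DPD: probe the peer when traffic is waiting and no reply arrives
        set dpd on-demand
        # seconds between DPD probes (assumed value)
        set dpd-retryinterval 10
        # probes without answer before the peer is declared dead (assumed value)
        set dpd-retrycount 3
    next
end

config vpn ipsec phase2-interface
    edit "to-meraki-p2"
        set phase1name "to-meraki"
        # Phase 2 (IPsec) lifetime: 3600 s = 1 hour, matching the Meraki default
        set keylife-type seconds
        set keylifeseconds 3600
    next
end
```

After applying it, compare `get vpn ipsec tunnel summary` and the Meraki VPN status page at the next rekey boundary (one hour for phase 2) to confirm the SA is renegotiated rather than dropped.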
PhilipDAth

The most common issue I find is mismatched encryption domains. Make sure both ends have an identical configuration.
