Hello everyone!
This may sound weird, but I have a site-to-site VPN with a Fortigate firewall that my ISP manages, and the logs and status screen show the VPN as disconnected, but it's passing traffic just fine both ways. If I were to believe the MX event log, then it never passes phase 1 negotiations, but my ISP said their Fortigate shows it's connected, and like I said, it's passing traffic fine and not dropping. Is there something misconfigured that could cause this issue? I mean, it's working, so that's good. My concern is that the logs are filled to the brim with "msg: phase1 negotiation failed due to time up", but if it's passing traffic I would assume that's incorrect, and I'm a little concerned it might break in the future. I'm just curious if anyone here has seen this or knows what might cause it? Thank you for your time!
That seems odd. If the MX is reporting that the setup of the VPN didn’t succeed then I’d tend to think that it didn’t succeed. I’d want to do a packet capture on the WAN side of the MX to confirm my packets were being encrypted and not sent in the clear (they may just be being NATed).
If it really is being encrypted then I’d open a ticket with support.
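One way to run the check suggested above against a capture, as an added example that is not from this thread or from Meraki: take the raw IPv4 packets from the WAN-side capture and sort them into ESP, AH, ISAKMP (UDP/500), NAT-T (UDP/4500, IKE or UDP-encapsulated ESP) or plain cleartext, then flag anything toward the peer gateway that is not IPsec or IKE. The WAN and peer addresses are documentation-range placeholders and the "capture" is constructed inline; in practice you would feed it the packets from a pcap exported off the MX.

```python
import socket
import struct
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH = 6, 17, 50, 51
ISAKMP_PORT, NAT_T_PORT = 500, 4500

# Assumed placeholder addresses (documentation ranges), not the poster's real ones.
MX_WAN_IP = "203.0.113.10"
PEER_IP = "198.51.100.20"


@dataclass
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int]
    dport: Optional[int]
    kind: str  # esp | ah | isakmp | isakmp-natt | esp-udp | cleartext


def classify_ipv4(raw: bytes) -> Packet:
    """Classify one raw IPv4 packet (no Ethernet header) by IPsec/IKE type."""
    if raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    proto = raw[9]
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    sport = dport = None
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    if proto == IPPROTO_ESP:
        kind = "esp"
    elif proto == IPPROTO_AH:
        kind = "ah"
    elif proto == IPPROTO_UDP and ISAKMP_PORT in (sport, dport):
        kind = "isakmp"
    elif proto == IPPROTO_UDP and NAT_T_PORT in (sport, dport):
        # RFC 3948: on UDP/4500 a 4-byte zero "non-ESP marker" means IKE;
        # anything else is UDP-encapsulated ESP (an ESP SPI is never 0).
        marker = raw[ihl + 8:ihl + 12]
        kind = "isakmp-natt" if marker == b"\x00\x00\x00\x00" else "esp-udp"
    else:
        kind = "cleartext"
    return Packet(src, dst, proto, sport, dport, kind)


def audit(packets: List[bytes], peer_ip: str) -> Dict[str, object]:
    """Count traffic types to/from the VPN peer and list anything unencrypted."""
    counts: Counter = Counter()
    cleartext: List[Packet] = []
    for raw in packets:
        p = classify_ipv4(raw)
        if peer_ip not in (p.src, p.dst):
            continue  # traffic to other hosts is not part of the tunnel check
        counts[p.kind] += 1
        if p.kind == "cleartext":
            cleartext.append(p)
    return {"counts": dict(counts), "cleartext": cleartext}


# --- constructed sample capture (not real traffic) ---------------------------

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    # Header checksum left as 0: fine for an offline sample, not for sending.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def sample_capture() -> List[bytes]:
    ike_hdr = b"\x11" * 8 + bytes(8) + bytes(12)            # placeholder IKE header
    esp = struct.pack("!II", 0x0BADCAFE, 1) + bytes(32)     # SPI, seq, ciphertext
    tcp_syn = struct.pack("!HHIIBBHHH", 51234, 443, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return [
        build_ipv4(MX_WAN_IP, PEER_IP, IPPROTO_UDP, build_udp(500, 500, ike_hdr)),
        build_ipv4(PEER_IP, MX_WAN_IP, IPPROTO_ESP, esp),
        build_ipv4(MX_WAN_IP, PEER_IP, IPPROTO_UDP, build_udp(4500, 4500, esp)),
        build_ipv4(MX_WAN_IP, PEER_IP, IPPROTO_TCP, tcp_syn),   # the red flag
        build_ipv4(MX_WAN_IP, "192.0.2.1", IPPROTO_TCP, tcp_syn),  # unrelated host
    ]


if __name__ == "__main__":
    report = audit(sample_capture(), PEER_IP)
    print("to/from peer:", report["counts"])
    for p in report["cleartext"]:
        print(f"CLEARTEXT to peer: {p.src} -> {p.dst} proto {p.proto} dport {p.dport}")
```

If the audit shows only esp/esp-udp and isakmp toward the peer, the data is encrypted and the log noise is a status-reporting problem; cleartext hits mean the traffic is being routed or NATed to the peer outside the tunnel, which is the case the reply above warns about.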
Have you tried clearing the security associations on both ends?
I have seen this before in cross-vendor environments, where one end still thinks the VPN is active and the other end doesn't.
Good idea. I'll go ahead and do that.
I'm seeing a lot of ESP and ISAKMP traffic on the WAN side and when I capture on the LAN side it shows as encrypted. I'm going to open a ticket. Thanks for your help!