FortiGate IPSEC vs. Lancom IPSEC

Author
sw2090
2019/05/15 00:01:02 (permalink)

Hiho,
 
Maybe someone experienced this and already has some hint for me.

We have an IPSEC tunnel to a third party that worked fine as long as the corresponding WAN on my FGT was PPPoE over a DSL modem. Now changed that to a Lancom router that does the dial-in (plus port forwards for 500 and 4500 UDP to the FGT). Tunnel still works but from time to time gets stuck. FGT then still shows the tunnel green in the GUI but it does not process any more data through it. I have to shut down the tunnel often several times (it always comes up again automagically) before it will work again...
#1


    ede_pfau
    Re: FortiGate IPSEC vs. Lancom IPSEC 2019/05/15 00:52:57 (permalink)
    Could be a NAT timeout on the Lancom if the tunnel is idling for a while. Try to increase either the NAT timeout or the session timeout for tcp/500, tcp/4500, on the Lancom router.
     
    What a pity. The combination of "simple modem" (DSL, VDSL, cable) with a FGT is foolproof and has no drawbacks. Such as, the FGT will have trouble getting FortiGuard updates without a public WAN address...

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
    sw2090
    Re: FortiGate IPSEC vs. Lancom IPSEC 2019/05/21 05:08:33 (permalink)
    There are NAT timeouts for UDP and IPSec on that Lancom. I increased them with no change.
    Meanwhile the same also happened to a Site2Site tunnel between two FGTs too.
    #3