ESP Payload blocked on Firewall
I have a Fortigate configured with 3 VDOMs: 1 transparent internet VDOM and 2 customer VDOMs.
Both have a VPN set up, almost identically; one works, the other doesn't.
On the one that works, you can happily see the IKE packets both ways on the analyzer, as you would expect (allow rule for IKE on the internet VDOM).
On the one that fails (Phase 1 and 2 are up), the analyzer is blocking ESP packets. Why on earth would it see the payload on this particular VPN? What has stripped off the IKE header? Both sides match, but I think the other side does not have NAT-T enabled; would this cause the issue? I would like to know. Thank you.
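Added example, not part of the post above: a FortiOS CLI fragment showing the situation the post describes (an IKE-only policy on the transparent internet VDOM) next to the corrected policy, and the phase1 NAT-T setting on the customer VDOM. The point it illustrates is that ESP is its own IP protocol (protocol 50), not an IKE payload. When both peers negotiate NAT-T, ESP is wrapped in UDP 4500, which a policy built on the IKE service (UDP 500 and 4500) happens to pass; when the peer has NAT-T disabled, ESP travels as raw protocol 50 and needs its own service entry. The VDOM names, interface names, policy IDs and tunnel name are assumptions; "IKE" and "ESP" are assumed to be the FortiOS built-in service objects.

```fortios
# Added example, not the poster's configuration. VDOM, interface, policy
# and tunnel names are assumptions; "IKE" (UDP 500/4500) and "ESP"
# (IP protocol 50) are assumed to be the FortiOS built-in services.

config vdom
    edit internet
        # As described in the post: IKE only. With NAT-T in use the
        # tunnel traffic is UDP 4500 and matches; without NAT-T the
        # traffic is raw ESP (protocol 50), matches nothing, and is dropped.
        config firewall policy
            edit 10
                set name "vpn-ike-only"
                set srcintf "wan1"
                set dstintf "cust2-link"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "IKE"
            next
        end
        # Corrected: allow ESP alongside IKE, in both directions, so the
        # tunnel passes whether or not the peer negotiates NAT-T.
        config firewall policy
            edit 10
                set name "vpn-ike-esp-in"
                set srcintf "wan1"
                set dstintf "cust2-link"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "IKE" "ESP"
            next
            edit 11
                set name "vpn-ike-esp-out"
                set srcintf "cust2-link"
                set dstintf "wan1"
                set srcaddr "all"
                set dstaddr "all"
                set action accept
                set schedule "always"
                set service "IKE" "ESP"
            next
        end
    next
end

config vdom
    edit customer2
        # NAT-T is negotiated, so "enable" here still yields raw ESP when
        # the peer has it switched off; "forced" keeps ESP inside UDP 4500
        # regardless of the peer's NAT detection, provided the peer accepts it.
        config vpn ipsec phase1-interface
            edit "to-customer2-peer"
                set nattraversal enable
            next
        end
    next
end
```

With the IKE-only policy in place, the expected symptom is exactly what the post reports: Phase 1 and Phase 2 come up (IKE on UDP 500 is allowed), and the packet analyzer on the internet VDOM then shows protocol 50 to and from the peer being blocked. On the working tunnel, where both peers use NAT-T, the same traffic appears as UDP 4500 and is passed by the IKE service.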