Netgate Discussion Forum

    IPSec not matching Phase 2?

    silviub (last edited by silviub)

      Hello,
      I have an IPsec tunnel with multiple Phase 2s. I have set up multiple IPsec tunnels and they all worked flawlessly. I set up another one today, and here's where it gets weird: I can only see one P2 coming up.
      All my Phase 2s use the same local subnet (10.41.199.0/24), and I've got multiple remote subnets (10.41.3.0/24, 10.41.12.0/24, 10.41.62.0/24, etc.). Only the FIRST defined and enabled Phase 2 ever comes online.
      For example, I'm pinging from 10.41.199.65 to 10.41.3.2. I can only see the 10.41.14.0/24 SA as established, and I can't find anything in the logs about the 10.41.3.0/24 remote. It looks like it's not even trying to bring the P2 up. Why is that?

      P.S. The other end is a Fortigate device. If I manually raise all tunnels from the Fortigate, everything works as expected.

      Thank you!

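A quick way to see exactly which Phase 2s are missing on the pfSense side, rather than eyeballing the status page, is to compare the CHILD_SAs strongSwan actually has installed against the remote subnets you configured. The script below is an added example, not code from the post or from Netgate. It parses output in the shape of strongSwan's `swanctl --list-sas` (pfSense runs strongSwan); the sample output, the connection name `con1000` and the SPIs are constructed to mirror the situation described above, where only the 10.41.14.0/24 child is up, and the exact field layout of the real command may differ slightly from the sample.

```python
import re
import sys
from ipaddress import ip_network

# Constructed sample in the shape of `swanctl --list-sas` output.
# Hypothetical connection name and SPIs; only the first Phase 2
# (remote 10.41.14.0/24) has an INSTALLED CHILD_SA, as in the post.
SAMPLE_LIST_SAS = """\
con1000: #3, ESTABLISHED, IKEv2, 7a1c9e2b4d6f8a01_i* 0b2d4f6a8c1e3951_r
  local  '203.0.113.10' @ 203.0.113.10[500]
  remote '198.51.100.20' @ 198.51.100.20[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  established 412s ago, rekeying in 24870s
  con1000: #7, reqid 1, INSTALLED, TUNNEL, ESP:AES_GCM_16-256
    installed 412s ago, rekeying in 2780s, expires in 3600s
    in  c4a1b2c3,   8240 bytes,    62 packets,     3s ago
    out c9d8e7f6,   7912 bytes,    60 packets,     3s ago
    local  10.41.199.0/24
    remote 10.41.14.0/24
"""

# Remote subnets the post says are configured as Phase 2s on pfSense.
EXPECTED_REMOTES = ["10.41.14.0/24", "10.41.3.0/24", "10.41.12.0/24", "10.41.62.0/24"]

# CHILD_SA header: "  con1000: #7, reqid 1, INSTALLED, TUNNEL, ESP:..."
CHILD_RE = re.compile(r"^\s+(\S+): #(\d+), reqid \d+, (\w+), (\w+),")
# Traffic selector lines under a CHILD_SA: "    local  10.41.199.0/24 [...]"
TS_RE = re.compile(r"^\s+(local|remote)\s+(.+)$")


def _networks(fields):
    """Keep only the tokens that parse as IP networks (drops IKE-level
    lines such as "'203.0.113.10' @ 203.0.113.10[500]")."""
    nets = []
    for tok in fields.split():
        try:
            nets.append(str(ip_network(tok, strict=False)))
        except ValueError:
            continue
    return nets


def parse_child_sas(text):
    """Return one dict per CHILD_SA: name, id, state, mode, local/remote TS."""
    children = []
    current = None
    for line in text.splitlines():
        if line and not line[0].isspace():
            # Unindented line = a new IKE_SA header; stop attributing TS lines.
            current = None
            continue
        m = CHILD_RE.match(line)
        if m:
            current = {"name": m.group(1), "id": int(m.group(2)),
                       "state": m.group(3), "mode": m.group(4),
                       "local": [], "remote": []}
            children.append(current)
            continue
        m = TS_RE.match(line)
        if m and current is not None:
            current[m.group(1)].extend(_networks(m.group(2)))
    return children


def missing_phase2s(text, expected_remotes):
    """Expected remote subnets not covered by any INSTALLED CHILD_SA."""
    installed = set()
    for child in parse_child_sas(text):
        if child["state"] == "INSTALLED":
            installed.update(ip_network(r) for r in child["remote"])
    missing = []
    for r in expected_remotes:
        net = ip_network(r)
        if not any(net.subnet_of(i) for i in installed):
            missing.append(r)
    return missing


if __name__ == "__main__":
    # Pipe real output in: swanctl --list-sas | python3 check_p2.py
    text = SAMPLE_LIST_SAS if sys.stdin.isatty() else sys.stdin.read()
    for c in parse_child_sas(text):
        print(f"{c['name']} #{c['id']} {c['state']} "
              f"{','.join(c['local'])} -> {','.join(c['remote'])}")
    for r in missing_phase2s(text, EXPECTED_REMOTES):
        print(f"no installed CHILD_SA for remote {r}")
```

Run it on the pfSense shell as `swanctl --list-sas | python3 check_p2.py`; any remote listed as missing is a Phase 2 that strongSwan has not negotiated, which is the set to look for in the IPsec log (and, given the symptom above, to compare against what the Fortigate side brings up when its tunnels are raised manually).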
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.