Troubleshooting Site-to-Site VPN on Fortigate Firewall

TigerDao

Administrator
Admin team member
The following article shows how to check and fix some common site-to-site IPsec VPN errors on the Fortigate Firewall. The deployment model is shown below.

(IMG)


* Error number 1: Pre-shared key mismatch

Open the command-line screen on the Fortigate at the main site and type the commands below. Use HQ-to-Branch (the VPN tunnel on the main site) as the tunnel name.

(IMG)


Next, go to IPsec Monitor, right-click the tunnel and select Bring Up. The tunnel status is still Down.

(IMG)


Return to the command-line screen. If you see the error message "Probable pre-shared secret mismatch", the pre-shared key does not match between the two Fortigate devices at the main site and the branch site.

(IMG)


To fix it, go to VPN >> IPsec >> Tunnels, select the HQ-to-Branch tunnel, go to the Authentication section and edit the pre-shared key to match the branch site.

(IMG)


When you return to the IPsec monitor section, you will see that the status of the VPN tunnel is Up, so we have fixed this error.

(IMG)


* Error number 2: SA Proposal Error

As above, go to the command-line screen and type the commands below.

(IMG)


Right-click the tunnel that has the error and select Bring Up.

(IMG)


When you return to the debug screen, you will see the error below:

(IMG)


You can debug the same error on the branch site. Remember to type the tunnel name Branch-to-HQ (the VPN tunnel on the branch site).

(IMG)


Select Bring Up.

(IMG)


Return to the debug screen and you will see the error below:

(IMG)


Go to the HQ-to-Branch tunnel on the main site and select Convert to Custom Tunnel.

(IMG)


Look at the Phase 1 Proposal section and note the encryption and authentication settings.

(IMG)


Next, go to the branch site and edit the Phase 1 Proposal section to match the information on the main site.

(IMG)


Return to the IPsec Monitor section and you will see that the tunnel’s Status is Up, which means the debugging has been successful.

(IMG)


* Error number 3: Quick mode selector error

Type the VPN debug commands as shown below.

(IMG)


Go to IPsec Monitor and select Bring Up on the tunnel that is failing.

(IMG)


Return to the debug screen and you will see the error message below. The device is experiencing a Quick mode selector error.

(IMG)


(IMG)


To handle the above error, go to the Phase 2 Selectors section on the Fortigate at the main site to check and correct the Local Address and Remote Address.

(IMG)


Then check the Fortigate at the branch site and correct the information there as well.

(IMG)


Return to the IPsec Monitor screen and select Bring Up on the tunnel.

(IMG)


When you see the tunnel’s status is Up, the error has been fixed.

(IMG)


This completes the steps to check and handle some common site-to-site VPN errors on the Fortigate Firewall.

Wishing you success!
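
The three errors above each map one debug message to one place to fix, which can be automated when triaging saved IKE debug output. The script below is an added example, not part of the original post. Only the "probable pre-shared secret mismatch" text comes from the article; the other two message patterns, the `ike <n>:<tunnel>:` line layout and the sample lines are assumptions constructed for illustration.

```python
import re

# (pattern, error name, where the article says to fix it).
# Only the pre-shared secret wording is quoted in the article; the other
# patterns are assumptions based on typical FortiOS IKE debug wording.
SIGNATURES = [
    (re.compile(r"probable pre-shared (secret|key) mismatch", re.I),
     "Pre-shared key mismatch",
     "VPN > IPsec > Tunnels > Authentication: use the same key on both sites"),
    (re.compile(r"no SA proposal chosen", re.I),
     "SA proposal error",
     "Phase 1 Proposal: match encryption and authentication on both sites"),
    (re.compile(r"failed to match peer selectors|no matching phase2 found", re.I),
     "Quick mode selector error",
     "Phase 2 Selectors: correct Local Address and Remote Address on both sites"),
]

# Assumed layout: the tunnel name follows "ike <n>:" in each debug line.
TUNNEL_RE = re.compile(r"\bike \d+:([^:\s]+):")

def triage(debug_output):
    """Return a sorted list of unique (tunnel, error, fix) findings."""
    findings = set()
    for line in debug_output.splitlines():
        for pattern, error, fix in SIGNATURES:
            if pattern.search(line):
                m = TUNNEL_RE.search(line)
                findings.add((m.group(1) if m else "unknown", error, fix))
                break
    return sorted(findings)

# Constructed sample lines, not captured from a real device.
SAMPLE = """\
ike 0:HQ-to-Branch:12: responder: main mode get 1st message...
ike 0:HQ-to-Branch:12: probable pre-shared secret mismatch
ike 0:HQ-to-Branch:12: probable pre-shared secret mismatch
ike Negotiate ISAKMP SA Error: ike 0:Branch-to-HQ:13: no SA proposal chosen
ike 0:HQ-to-Branch:14:77: failed to match peer selectors
ike 0:HQ-to-Branch:14: sent IKE msg (keepalive)
"""

if __name__ == "__main__":
    for tunnel, error, fix in triage(SAMPLE):
        print(f"[{tunnel}] {error} -> {fix}")
```

Repeated retries of the same failure collapse into one finding per tunnel, so a long capture reduces to the short list of settings to compare between the two sites.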
