 
r3jon
just joined
Topic Author
Posts: 3
Joined: Wed Apr 28, 2021 12:42 pm

Issue with Aggressive Mode IPSEC VPN to Fortigate

Fri Apr 30, 2021 1:49 pm

Hi,

I have created an aggressive-mode IPSEC tunnel via LTE from my RBD53GR-5HacD2HnD router to my central Fortigate firewall. All works fine when using a single phase2 policy, but when I add a second, traffic stops flowing on 1 of the 2 subnets. This doesn't happen all the time, but frequently enough that I can replicate it easily.

Fortigate logs show no errors. Config attached.

Any help would be much appreciated.

Thanks
 
r3jon

Re: Issue with Aggressive Mode IPSEC VPN to Fortigate

Fri Apr 30, 2021 2:35 pm

To add to this:

Both sides show both phase2s as "Up".

Everything looks successful in the IPSEC log on Mikrotik and also Fortigate.

It seems very timing related: if I disable all policies on Mikrotik and enable one at a time with a 5 second pause in between, all traffic flows correctly. If I enable both without pausing in between, only one policy seems to allow traffic to flow.

Very strange indeed
Last edited by r3jon on Fri Apr 30, 2021 7:51 pm, edited 1 time in total.
 
r3jon

Re: Issue with Aggressive Mode IPSEC VPN to Fortigate

Wed May 05, 2021 9:03 pm

Happy to reward anyone who wants to get involved.

I have set up the same configuration on a Digi Transport router and that works perfectly. Seems very Mikrotik related.

Any help would be great. Thanks
