Phase1 is the basic setup and getting the two ends talking. In IKE/IPSec, there are two phases to establish the tunnel. Here are some basic steps to troubleshoot VPNs for FortiGate. I'll show you a method that can be used to initiate traffic from that network as well. The network admin typically doesn't have direct access on the computers on either side of the VPN in order to initiate that traffic. One problem in particular that has always bugged me is that you need access to the end machines involved to initiate traffic across the link. Most of the real debugging happens inside the CLI.
The GUI offers not much help, it is either UP or Down. The IKE protocol is "chatty", and negotiates back and forth between the two ends for several rounds.
Debugging what is going wrong with a VPN setup is difficult.
0 kommentar(er)
