nabz0r (Veteran), posted July 24, 2012:
Hey people, I have set up an IPSec tunnel between two sites; at our site we use a Fortigate firewall and the other site uses an ASA5505. The connection goes down all the time, especially when there is no traffic between the sites, and when it doesn't it is VERY slow. I have been troubleshooting, googling, etc. but I couldn't find a solution and I am out of ideas now. :( I'd appreciate your help and input, and all are welcome to take part. :) Thanks!

sc302 (Veteran), posted July 24, 2012:
What is the upload speed at each site... the slowest upload speed is what you would use to set as your max speed. Second, how long are your timeouts set for? The timeout by default is 30 min if no traffic passes through.

nabz0r (Veteran, Author), posted July 24, 2012:
From our site it is 100Mbit and the other one is 50Mbit, so the upload speed isn't a problem here, sadly. The time is set to 24h, so that shouldn't be the problem in my opinion.

sc302 (Veteran), posted July 24, 2012:
Call the manufacturer for troubleshooting assistance. Start with the Fortigate. It would be better if you had the same on both sides so that there is no finger pointing. That is probably not the answer that you want to hear, but I think it could be an issue with latency between the two.

nabz0r (Veteran, Author), posted July 24, 2012:
Thanks for your input. I thought that might be the problem, especially when I came across some posts (in other forums) from people who had almost the same problem. As for using Fortigate at both ends, it is impossible because our customer's provider uses Cisco. We have almost 300+ VPN connections for our customers and we use Fortigate at all the sites and there are no problems whatsoever, but this new connection is somehow getting on my nerves. :/

giantsnyy, posted July 24, 2012:
Honestly I've never had luck with IPSec communication between Fortigates and Cisco products. I have an old PIX515 at a prep location and I use Fortigate 100A's everywhere else... I occasionally get drops from the Cisco side. What does the log on the Fortigate say?

nabz0r (Veteran, Author), posted July 24, 2012:
The message I get from the logs is: iprope_in_check() check failed, drop
I wish I could use the same products at both ends and save all the trouble. :/