User manual

IPSec VPN Monitoring and Troubleshooting VPNs
FortiGate-4000 Installation and Configuration Guide 257
Action          ENCRYPT
VPN Tunnel      The VPN tunnel name added in step 1. (Use the same tunnel for
                all encrypt policies.)
Allow inbound   Select allow inbound.
Allow outbound  Do not enable.
Inbound NAT     Select inbound NAT if required.
Outbound NAT    Select outbound NAT if required.

See “Adding an encrypt policy” on page 251.

6 Arrange the policies in the following order:
  - outbound encrypt policies
  - inbound encrypt policy
  - default non-encrypt policy (Internal_All -> External_All)

Note: The default non-encrypt policy is required to allow the VPN spoke to access other
networks, such as the Internet.

Monitoring and Troubleshooting VPNs

  - Viewing VPN tunnel status
  - Viewing dialup VPN connection status
  - Testing a VPN

Viewing VPN tunnel status

You can use the IPSec VPN tunnel list to view the status of all IPSec AutoIKE key
VPN tunnels. For each tunnel, the list shows the status and the tunnel timeout.

To view VPN tunnel status

1 Go to VPN > IPSEC > Phase 2.
2 View the status and timeout for each VPN tunnel.

Figure 75: AutoIKE key tunnel status

Status   The status of each tunnel. If Status is Up, the tunnel is active. If
         Status is Down, the tunnel is not active. If Status is Connecting, the
         tunnel is attempting to start a VPN connection with a remote VPN
         gateway or client.
Timeout  The time before the next key exchange. The time is calculated by
         subtracting the time elapsed since the last key exchange from the
         keylife.
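
The policy order in step 6 matters when policies are evaluated top down and the first match wins, which is assumed here. The following Python model is an added example, not code from the guide: it uses constructed addresses and hypothetical policy names for two outbound encrypt policies and the default policy, and reports encrypt policies that an earlier non-encrypt policy would shadow.

```python
from ipaddress import ip_address, ip_network


def policy(name, src, dst, action):
    """Build one policy entry; src and dst are CIDR strings."""
    return {"name": name, "src": ip_network(src), "dst": ip_network(dst),
            "action": action}


# Constructed sample policies; names and addresses are illustrative only.
# Assumption: Internal_All and External_All each cover every address.
TO_HUB = policy("encrypt-to-hub", "192.168.2.0/24", "10.1.0.0/16", "ENCRYPT")
TO_SPOKE2 = policy("encrypt-to-spoke2", "192.168.2.0/24", "10.2.0.0/16", "ENCRYPT")
DEFAULT = policy("Internal_All -> External_All", "0.0.0.0/0", "0.0.0.0/0", "ACCEPT")

GOOD_ORDER = [TO_HUB, TO_SPOKE2, DEFAULT]   # order given in step 6
BAD_ORDER = [DEFAULT, TO_HUB, TO_SPOKE2]    # default policy moved to the top


def first_match(policies, src, dst):
    """Return the first policy, top down, whose ranges contain src and dst."""
    s, d = ip_address(src), ip_address(dst)
    for p in policies:
        if s in p["src"] and d in p["dst"]:
            return p
    return None  # nothing matched


def shadowed_encrypt(policies):
    """Names of ENCRYPT policies fully covered by an earlier non-encrypt policy."""
    shadowed = []
    for i, p in enumerate(policies):
        if p["action"] != "ENCRYPT":
            continue
        for earlier in policies[:i]:
            if (earlier["action"] != "ENCRYPT"
                    and p["src"].subnet_of(earlier["src"])
                    and p["dst"].subnet_of(earlier["dst"])):
                shadowed.append(p["name"])
                break
    return shadowed


if __name__ == "__main__":
    for label, order in (("step 6 order", GOOD_ORDER), ("default first", BAD_ORDER)):
        hit = first_match(order, "192.168.2.10", "10.1.5.5")
        print(label, "->", hit["action"], "| shadowed:", shadowed_encrypt(order))
```

With the default policy first, traffic meant for the tunnel matches the non-encrypt policy and the encrypt policies are never reached.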