You can’t really debug VPN problems with static show commands: if a VPN fails to function, you HAVE to
see it happening in real time. Below I list a few debug commands that do just that for IPSEC site-to-site
tunnels in Fortigate.
Here:
192.168.168.254 – IP address on the LAN interface of the fortigate
10.170.15.131 – IP address on [...]
Apr 21 2009
Debug VPN in Fortigate – seeing is believing
Apr 9 2009
Black hole routing to the rescue – Fortigate OS 4 surprise
Many times there is more than one solution to a problem, and the most obvious is not the best one. I
was reminded of this when a Fortigate 60 unit that was periodically blocking traffic came into my care:
you know, that not-saying-much system alert “..has reached connection limit”, and then no traffic goes from LAN to [...]