Monitoring and troubleshooting vpns, Viewing vpn tunnel status – Fortinet FortiGate 4000 User Manual
Page 257
IPSec VPN
Monitoring and Troubleshooting VPNs
FortiGate-4000 Installation and Configuration Guide
See “Adding an encrypt policy” on page 251.
6. Arrange the policies in the following order:
• outbound encrypt policies
• inbound encrypt policy
• default non-encrypt policy (Internal_All -> External_All)
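An added example, not from the Fortinet manual: a Python check that an ordered policy list follows the order given in step 6 and flags a non-encrypt policy that would match VPN-bound traffic ahead of an outbound encrypt policy. The policy names, addresses, the `ACCEPT` action label and top-down first-match evaluation are assumptions of the example.

```python
import ipaddress

# Order required by step 6: outbound encrypt, inbound encrypt, then non-encrypt.
# "ACCEPT" as the label for the non-encrypt action is an assumption of this example.
RANK = {("ENCRYPT", "outbound"): 0, ("ENCRYPT", "inbound"): 1, ("ACCEPT", None): 2}

def covers(outer, inner):
    """True if network `outer` contains all of network `inner`."""
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def rank(p):
    return RANK[(p["action"], p["direction"])]

def check_order(policies):
    """Return findings for an ordered policy list (top of the list first)."""
    findings = []
    for i, p in enumerate(policies):
        for q in policies[i + 1:]:
            if rank(p) <= rank(q):
                continue
            msg = f'{p["name"]} is listed above {q["name"]}'
            # Assumption: the list is matched top-down and the first match wins, so a
            # broader non-encrypt policy placed first forwards this traffic unencrypted.
            if (p["action"] != "ENCRYPT" and q["direction"] == "outbound"
                    and covers(p["src"], q["src"]) and covers(p["dst"], q["dst"])):
                msg += " and shadows it"
            findings.append(msg)
    return findings

def policy(name, action, direction, src, dst):
    return {"name": name, "action": action, "direction": direction,
            "src": src, "dst": dst}

# Constructed sample policies for a VPN spoke (names and addresses are made up).
OUT_HUB = policy("out-to-hub", "ENCRYPT", "outbound", "192.168.2.0/24", "192.168.1.0/24")
OUT_SPOKE = policy("out-to-spoke2", "ENCRYPT", "outbound", "192.168.2.0/24", "192.168.3.0/24")
INBOUND = policy("in-from-vpn", "ENCRYPT", "inbound", "192.168.2.0/24", "0.0.0.0/0")
DEFAULT = policy("Internal_All->External_All", "ACCEPT", None, "0.0.0.0/0", "0.0.0.0/0")

GOOD = [OUT_HUB, OUT_SPOKE, INBOUND, DEFAULT]
BAD = [DEFAULT, OUT_HUB, OUT_SPOKE, INBOUND]

if __name__ == "__main__":
    for label, plist in (("good", GOOD), ("bad", BAD)):
        print(label, check_order(plist) or "order OK")
```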
Monitoring and Troubleshooting VPNs
• Viewing dialup VPN connection status
Viewing VPN tunnel status
You can use the IPSec VPN tunnel list to view the status of all IPSec AutoIKE key
VPN tunnels. For each tunnel, the list shows the status and the tunnel timeout.
To view VPN tunnel status
1. Go to VPN > IPSEC > Phase 2.
2. View the status and timeout for each VPN tunnel.
Figure 75: AutoIKE key tunnel status
Action          ENCRYPT
VPN Tunnel      The VPN tunnel name added in step 1. (Use the same tunnel for all encrypt policies.)
Allow inbound   Select allow inbound.
Allow outbound  Do not enable.
Inbound NAT     Select inbound NAT if required.
Outbound NAT    Select outbound NAT if required.
Note: The default non-encrypt policy is required to allow the VPN spoke to access other
networks, such as the Internet.
Status   The status of each tunnel. If Status is Up, the tunnel is active. If Status is Down, the tunnel is not active. If Status is Connecting, the tunnel is attempting to start a VPN connection with a remote VPN gateway or client.
Timeout  The time before the next key exchange. The time is calculated by subtracting the time elapsed since the last key exchange from the keylife.