FGT IPSEC VPN不稳定

2条移动外线,和HK同一个公网IP建VPN,情况时时不时断开,而断开后经常十几分钟tunnel起不来,然后也是无端端的起来了,配置上面是没问题的,不然VPN肯定起不来,感觉是运营商的问题导致ESP包传输不稳定,这个情况很久了,一直都是时好时坏。也看过@Kmliu大大之前对前人问题的评论,但是那个建VDOM那个方法有点复杂,看不太懂,想问还有其它办法证明运营商的问题么?这个情况很久了,一直都是时好时坏。
已邀请:

kmliu - Fortinet-TAC

赞同来自: 360rundll

不会配置的话,文档来了,自行参考一下
https://wen.fortinet.com.cn/article/489

360rundll

赞同来自:

大陆这边的FW LOG 提供如下,HK那边联系起来比较麻烦啊@@@:
 

Message meets Alert condition
date=2017-08-30 time=15:41:46 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d4d" 

Message meets Alert condition
date=2017-08-30 time=15:41:41 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d4c" 

Message meets Alert condition
date=2017-08-30 time=15:41:36 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d4b" 

Message meets Alert condition
date=2017-08-30 time=15:41:31 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d4a" 

Message meets Alert condition
date=2017-08-30 time=15:41:26 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d49" 

Message meets Alert condition
date=2017-08-30 time=15:41:21 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d48" 

Message meets Alert condition
date=2017-08-30 time=15:41:16 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d47" 

Message meets Alert condition
date=2017-08-30 time=15:41:11 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d46" 

Message meets Alert condition
date=2017-08-30 time=15:41:06 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d45" 

Message meets Alert condition
date=2017-08-30 time=15:41:01 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d44" 

Message meets Alert condition
date=2017-08-30 time=15:40:56 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d43" 

Message meets Alert condition
date=2017-08-30 time=15:40:51 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d42" 

Message meets Alert condition
date=2017-08-30 time=15:40:46 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d41" 

Message meets Alert condition
date=2017-08-30 time=15:40:41 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d40" 

Message meets Alert condition
date=2017-08-30 time=15:40:36 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d3f" 

Message meets Alert condition
date=2017-08-30 time=15:40:31 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d3e" 

Message meets Alert condition
date=2017-08-30 time=15:40:26 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d3d" 

Message meets Alert condition
date=2017-08-30 time=15:40:21 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d3c" 

Message meets Alert condition
date=2017-08-30 time=15:40:16 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d3b" 

Message meets Alert condition
date=2017-08-30 time=15:40:11 devname=FortiGate-02 devid=FGT3HD3916803222 logid=0101037131 type=event subtype=vpn level=error vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action=error remip=223.118.32.132 locip=120.236.13.7 remport=500 locport=500 outintf="port1" cookies="N/A" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="FortiGate-GNC" status=esp_error error_num="Received ESP packet with unknown SPI." spi="4e2e45e9" seq="00000d3a" 

kmliu - Fortinet-TAC

赞同来自:

解决方案看不懂就填写在support上填Ticket,让TAC帮你解决。

kmliu - Fortinet-TAC

赞同来自:

或者给support_cn@fortinet.com发邮件说起情况,然后可以远程弄一把

要回复问题请先登录注册