Troubleshooting Tip: IPsec VPN is down due to log message: ignoring IKE request, interface is administratively down
| Description | This article describes how to resolve an issue where IPsec phase 1 is not coming up and the debug logs are showing 'ignoring IKE request, interface is administratively down'. |
| Scope | FortiGate. |
| Solution | When troubleshooting a down tunnel, the user may encounter a log error ' <IPSEC Name> : ignoring IKE request, interface is administratively down' while running the IPSEC debug commands below:
diagnose debug application ike -1 diagnose debug enable
The error indicates that the tunnel interface is intentionally disabled. It was possibly turned off by another administrator during troubleshooting.
Sample Output:
To resolve the issue, enable the tunnel interface:
config system interface edit <tunnel-name> set status up end
Note: Useful commands to check the tunnel status:
diagnose netlink interface list | grep -A10 <tunnel-name> show system interface <tunnel-name> diagnose netlink interface list | grep -A10 <tunnel-name> diagnose vpn ike gateway list diagnose vpn tunnel list
Using the GUI:
|
