Troubleshooting Tip: Log message 'ignoring request to establish IPsec SA, no policy configured'
Description
This article describes an issue where VPN phase 1 is not coming up for a route based VPN and the debug logs show the following message:
ignoring request to establish IPsec SA, no policy configured.
Scope
FortiGate.
Solution
Another debug log message if the policy is not configured:
2026-01-29 14:52:21.547178 ike V=root:0:FCT-VPN: ignoring IKEv2 request, no policy configured
2026-01-29 14:52:21.547199 ike V=root:0:b1c1a7a9f73c88d1/0000000000000000:19: negotiation failure
2026-01-29 14:52:21.547232 ike V=root:Negotiate SA Error: [12077]
To remedy this, ensure that there is at least one security policy where one of the interfaces is a VPN tunnel interface and there is at least one route which uses the tunnel interface as the gateway.