Amazon cloud VPN errors

Forum|Forum|10 years ago
December 2, 2015
1 reply
12044 views

Hey guys,

I've been looking into this error we keep getting on our VPN tunnel to Amazon cloud, but im not getting any further.

Message meets Alert condition date=2015-11-27 time=12:39:27 devname=FW10018 devid=FGT90DSERIAL logid=0101037130 type=event subtype=vpn level=error vd="root" logdesc="Progress IPsec phase 2" msg="progress IPsec phase 2" action=negotiate remip=52.x.x.x locip=213.x.x.x remport=500 locport=500 outintf="wan1" cookies="0caac---------------644" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="VPN-ZIMPA" status=failure init=remote mode=quick dir=inbound stage=1 role=responder result=ERROR

Any idea where this is comming from?

The setup:

phase1-interface

   edit "VPNAMAZON"
        set interface "wan1"
        set nattraversal disable
        set keylife 28800
        set proposal aes128-sha1
        set localid "ourlocalid"
        set comments "Amazon-IKE-vpn"
        set dhgrp 2
        set remote-gw 52.x.x.x
        set psksecret ENC supersecret

phase2-interface

    edit "VPNAMAZON"
        set phase1name "VPNAMAZON"
        set proposal aes128-sha1
        set dhgrp 2
        set keepalive enable
        set keylifeseconds 3600
        set src-subnet 10.x.x.x 255.255.254.0
        set dst-subnet 172.x.x.x 255.255.0.0

I tried enabling dpd but that doesn't take. It's not comming up in the config?

Though, in the GUI i do see it.

Hope anyone can help out with this.

(edit: to many spaces lol)

tuumkeAuthor

New Member

No one? :(

anil_nayak_FTNT

Staff

Hello

Message meets Alert condition date=2015-11-27 time=12:39:27 devname=FW10018 devid=FGT90DSERIAL logid=0101037130 type=event subtype=vpn level=error vd="root" logdesc="Progress IPsec phase 2" msg="progress IPsec phase 2" action=negotiate remip=52.x.x.x locip=213.x.x.x remport=500 locport=500 outintf="wan1" cookies="0caac---------------644" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="VPN-ZIMPA" status=failure init=remote mode=quick dir=inbound stage=1 role=responder result=ERROR

-VPN fails in Phase-2 negotiation, FGT is responder -Hence when trying to establish the VPN please collect output for the following commands. As FGT is responder you will see the quick-mode-msg-1 received on FGT with the remote selector parameters using which you can findout the possible cause

diag deb reset

diag vpn ike log-filter clear diag vpn ike log-filter dst-addr4 52.x.x.x diag deb app ike -1 diag deb en

to disable debugging # diag deb disable # diag deb reset

Regards

Anil

tuumkeAuthor

New Member

anil.nayak wrote:
Hello

Message meets Alert condition date=2015-11-27 time=12:39:27 devname=FW10018 devid=FGT90DSERIAL logid=0101037130 type=event subtype=vpn level=error vd="root" logdesc="Progress IPsec phase 2" msg="progress IPsec phase 2" action=negotiate remip=52.x.x.x locip=213.x.x.x remport=500 locport=500 outintf="wan1" cookies="0caac---------------644" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="VPN-ZIMPA" status=failure init=remote mode=quick dir=inbound stage=1 role=responder result=ERROR

-VPN fails in Phase-2 negotiation, FGT is responder -Hence when trying to establish the VPN please collect output for the following commands. As FGT is responder you will see the quick-mode-msg-1 received on FGT with the remote selector parameters using which you can findout the possible cause

diag deb reset
diag vpn ike log-filter clear diag vpn ike log-filter dst-addr4 52.x.x.x diag deb app ike -1 diag deb en

to disable debugging # diag deb disable # diag deb reset

Regards
Anil

Thanks! Running it now

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded