Fortigate IKEv2 Error with ignoring IKEv2 request, interface is administratively down
    set type dynamic
    set interface "port1"
    set ike-version 2
    set peertype any
    set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha384 aes128gcm-prfsha256
    set dpd on-idle
    set dhgrp 20 19 14
    set reauth enable
    set idle-timeout enable
    set psksecret ENC 1VQ0j0YX34DWAmM8U2OnsibIcaGXjAsuaJfZEE4tZ/YPh1cayPwyql3b47Ro01xQVPs60wZHn4l/f8/mQZnsHidUbGPp7Q61gWN8FP91Q1sbAKuZoCxbFn13+rJAnSS7kkT7OnaB3iYWqf6pU4SZIJjYa2HxRkZglfGuq8TnoetM8g+qc/kFKlHwCTow4m+ZRrsy+A==
    set dpd-retryinterval 60
My setup is this.
But whenever I try to bring up a tunnel against the FortiGate (FortiOS v6.0.9),
I see the following error.
    ike 0: IKEv2 exchange=SA_INIT id=d740acea5f4716a4/0000000000000000 len=264
    ike 0:d740acea5f4716a4/0000000000000000:4901: responder received SA_INIT msg
    ike 0:d740acea5f4716a4/0000000000000000:4901: received notify type NAT_DETECTION_SOURCE_IP
    ike 0:d740acea5f4716a4/0000000000000000:4901: received notify type NAT_DETECTION_DESTINATION_IP
    ike 0:d740acea5f4716a4/0000000000000000:4901: received notify type FRAGMENTATION_SUPPORTED
    ike 0:d740acea5f4716a4/0000000000000000:4901: received notify type SIGNATURE_HASH_ALGORITHMS
    ike 0:d740acea5f4716a4/0000000000000000:4901: received notify type 16406
    ike 0:d740acea5f4716a4/0000000000000000:4901: ignoring unauthenticated notify payload (16406)
    ike 0:d740acea5f4716a4/0000000000000000:4901: incoming proposal:
    ike 0:d740acea5f4716a4/0000000000000000:4901: proposal id = 1:
    ike 0:d740acea5f4716a4/0000000000000000:4901:   protocol = IKEv2:
    ike 0:d740acea5f4716a4/0000000000000000:4901:      encapsulation = IKEv2/none
    ike 0:d740acea5f4716a4/0000000000000000:4901:         type=ENCR, val=AES_GCM_16 (key_len = 128)
    ike 0:d740acea5f4716a4/0000000000000000:4901:         type=PRF, val=PRF_HMAC_SHA2_256
    ike 0:d740acea5f4716a4/0000000000000000:4901:         type=DH_GROUP, val=ECP256.
    ike 0:IKEv2: ignoring IKEv2 request, interface is administratively down
    ike 0:d740acea5f4716a4/0000000000000000:4901: negotiation failure
    ike Negotiate SA Error: ike ike [10142]
With the same set of cipher suites and settings,
IKEv1 is working fine, but IKEv2 doesn't work.
Looks like it doesn't like the proposal or something, but from the log it is not clear.
Does anybody have the same issue?
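
One way to test the proposal question against the posted output, as an added example that is not part of the original post: it compares the transforms in the debug lines with the `set proposal` and `set dhgrp` values and extracts the reason the IKE daemon logs just before the failure. The keyword-to-transform mapping and the debug names for groups 14 and 20 are assumptions of this example.

```python
import re

# Constructed sample: config and debug lines copied from the post above.
CONFIG = """set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha384 aes128gcm-prfsha256
set dhgrp 20 19 14"""
P = "ike 0:d740acea5f4716a4/0000000000000000:4901: "
LOG = "\n".join([
    P + "type=ENCR, val=AES_GCM_16 (key_len = 128)",
    P + "type=PRF, val=PRF_HMAC_SHA2_256",
    P + "type=DH_GROUP, val=ECP256.",
    "ike 0:IKEv2: ignoring IKEv2 request, interface is administratively down",
    P + "negotiation failure",
])

# IANA group numbers; ECP256 is from the log, the other two names are assumed.
DH_NAMES = {14: "MODP2048", 19: "ECP256", 20: "ECP384"}

def configured(config):
    """Return the (ENCR, key_len, PRF) tuples and DH group names the config allows."""
    props, groups = set(), set()
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["set", "proposal"]:
            for kw in words[2:]:
                m = re.fullmatch(r"aes(\d+)(gcm)?-(?:prf)?sha(\d+)", kw)
                if m:
                    bits, gcm, sha = m.groups()
                    prf = "PRF_HMAC_SHA1" if sha == "1" else "PRF_HMAC_SHA2_" + sha
                    props.add(("AES_GCM_16" if gcm else "AES_CBC", int(bits), prf))
        elif words[:2] == ["set", "dhgrp"]:
            groups = {DH_NAMES.get(int(g), g) for g in words[2:]}
    return props, groups

def offered(log):
    """Return the transform tuple and DH group name the initiator proposed."""
    encr = re.search(r"type=ENCR, val=(\w+) \(key_len = (\d+)\)", log)
    prf = re.search(r"type=PRF, val=(\w+)", log)
    dh = re.search(r"type=DH_GROUP, val=(\w+)", log)
    return (encr.group(1), int(encr.group(2)), prf.group(1)), dh.group(1)

def diagnose(config, log):
    props, groups = configured(config)
    prop, dh = offered(log)
    reasons = re.findall(r"ike \d+:IKEv2: ignoring IKEv2 request, (.+)", log)
    return {"proposal_configured": prop in props,
            "dhgrp_configured": dh in groups,
            "stated_reason": reasons}

if __name__ == "__main__":
    print(diagnose(CONFIG, LOG))
```

For the posted lines both comparisons come back true, so the only rejection reason present in the output is the interface-state message.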