stevenp
New Member
December 6, 2022
Question

IPsec phase 1 negotiation failure

Trying to figure out why the IPsec phase 1 negotiation fails and then fixes itself after a few minutes. This is an on and off thing which has happened twice in 2 days.

Any tips to try to figure the issue out?

Thanks

Details:

Fortigate VM64-KVM

Version: 6.0.6

2 replies

pjawalekar
Staff
December 6, 2022

Hi,
This issue seems to be an odd behavior related to firmware version.

As per your comments, I see that you are using the 6.0.6 firmware version, which is end of support on 2022-09-29. Hence I suggest you upgrade the firmware version to 6.2.X and above.
Regards
Pratik.


stevenp
Author
New Member
December 8, 2022

I will be doing the update on this asap and see if it fixes the issue.

Thanks

seshuganesh
Staff
December 6, 2022

Hi,

If both ends are FortiGate firewalls, execute these commands in both firewalls:

diag vpn ike log-filter dst-addr4 a.b.c.d (where a.b.c.d is the remote gateway ip)

diag debug application ike -1

Once you get the debug logs, please disable the debug using this command "diag debug disable"

diag debug enable

stevenp
Author
New Member
December 8, 2022

Unfortunately the other side isn't Fortigate. I will do a software update and see how that turns out.