ipsec problem
Hi,
I have created a dynamic type of ipsec, but it will not up with cisco router.
FG conf:
config vpn ipsec phase1-interface
edit "vpn01"
set type dynamic
set interface "port1"
set ike-version 2
set peertype any
set net-device disable
set proposal des-sha1
set add-route disable
set dpd on-idle
set auto-discovery-receiver enable
set auto-discovery-shortcuts dependent
set nattraversal disable
set psksecret ENC
set dpd-retryinterval 60
next
end
cisco error:
*Jan 3 05:42:57.312: IKEv2:(SESSION ID = 1,SA ID = 1):Retransmitting packet
*Jan 3 05:42:57.322: IKEv2:(SESSION ID = 1,SA ID = 1):Sending Packet [To 10.0.0.1:500/From 10.0.0.3:500/VRF i0:f0]
Initiator SPI : 6ACECDCABFA431B0 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP)
*Jan 3 05:42:57.343: IKEv2-ERROR:Address type 2147505494 not supported
*Jan 3 05:42:57.343: IKEv2-ERROR:Couldn't find matching SA: A supplied parameter is incorrect
*Jan 3 05:42:57.343: IKEv2:(SESSION ID = 0,SA ID = 0):Received Packet [From 10.0.0.1:500/To 10.0.0.3:500/VRF i0:f0]
Initiator SPI : 6ACECDCABFA431B0 - Responder SPI : 737906E43A073588 Message id: 0
IKEv2 IKE_SA_INIT Exchange RESPONSE
*Jan 3 05:42:57.344: IKEv2-ERROR:Address type 1109088110 not supported
*Jan 3 05:42:57.344: IKEv2-ERROR:: A supplied parameter is incorrect
*Jan 3 05:42:59.295: IKEv2:% Getting preshared key from profile keyring MYKeyring
*Jan 3 05:42:59.295: IKEv2:% Matched peer block 'FG'
*Jan 3 05:42:59.295: IKEv2:(SESSION ID = 0,SA ID = 0):Searching Policy with fvrf 0, local address 10.0.0.3
*Jan 3 05:42:59.296: IKEv2:(SESSION ID = 0,SA ID = 0):Found Policy 'MY_Policy_fortigate'
*Jan 3 05:42:59.297: IKEv2-ERROR:Address type 2147516329 not supported