negotiation timeout,
Dear All,
I was trying to setup VPN IPsec between Fortigate and SRX, but it didn't work at all..
I got the IPSec logs from Fortigate, and found this
ike 0:VPN-GW:225: sent IKE msg (ident_r1send): FORTIGW:500->SRX-GW:500, len=152, id=6c1c70d3deab4bab/31f33050dfa3e739 ike 0:VPN-GW:224: negotiation timeout, deleting
it looks it has tried to send reply of 1st message, but it failed for some reason,
i'm not 100% sure if it's correct,
Do you have any idea how i can troubleshoot this case and if there's any other reason why negotiation failed ?
ike 0:20c4aa949a69745e/0000000000000000:221: responder: main mode get 1st message...
ike 0:20c4aa949a69745e/0000000000000000:221: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:20c4aa949a69745e/0000000000000000:221: VID unknown (16): AFCAD71368A1F1C96B8696FC77570100
ike 0:20c4aa949a69745e/0000000000000000:221: VID unknown (16): AFCAD71368A1F1C96B8696FC77570100
ike 0:20c4aa949a69745e/0000000000000000:221: VID draft-ietf-ipsec-nat-t-ike-00 4485152D18B6BBCD0BE8A8469579DDCC
ike 0:20c4aa949a69745e/0000000000000000:221: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
ike 0:20c4aa949a69745e/0000000000000000:221: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
ike 0:20c4aa949a69745e/0000000000000000:221: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
ike 0:20c4aa949a69745e/0000000000000000:221: VID RFC 3947 4A131C81070358455C5728F20E95452F
ike 0:20c4aa949a69745e/0000000000000000:221: VID unknown (28): 4A131C81070358455C5728F20E95452F
ike 0:20c4aa949a69745e/0000000000000000:221: negotiation result
ike 0:20c4aa949a69745e/0000000000000000:221: proposal id = 1:
ike 0:20c4aa949a69745e/0000000000000000:221: protocol id = ISAKMP:
ike 0:20c4aa949a69745e/0000000000000000:221: trans_id = KEY_IKE.
ike 0:20c4aa949a69745e/0000000000000000:221: encapsulation = IKE/none
ike 0:20c4aa949a69745e/0000000000000000:221: type=OAKLEY_ENCRYPT_ALG, val=3DES_CBC.
ike 0:20c4aa949a69745e/0000000000000000:221: type=OAKLEY_HASH_ALG, val=SHA.
ike 0:20c4aa949a69745e/0000000000000000:221: type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:20c4aa949a69745e/0000000000000000:221: type=OAKLEY_GROUP, val=MODP1536.
ike 0:20c4aa949a69745e/0000000000000000:221: ISAKMP SA lifetime=28800
ike 0:20c4aa949a69745e/0000000000000000:221: SA proposal chosen, matched gateway VPN-GW
ike 0: found VPN-GW FORTIGW 7 -> SRX-GW:500
ike 0:VPN-GW:225: DPD negotiated
ike 0:VPN-GW:225: selected NAT-T version: RFC 3947
ike 0:VPN-GW:225: cookie 6c1c70d3deab4bab/31f33050dfa3e739
ike 0:VPN-GW:225: out 6C1C70D3DEAB4BAB31F33050DFA3E7390110020000000000000000980D0000400000000100000001000000340101080100000000000000000000002400010000800100058004000580020002800B0001000C000400007080800300010D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE00000000
ike 0:VPN-GW:225: sent IKE msg (ident_r1send): FORTIGW:500->SRX-GW:500, len=152, id=6c1c70d3deab4bab/31f33050dfa3e739
ike 0:VPN-GW:224: negotiation timeout, deleting
ike 0:VPN-GW: schedule auto-negotiate
ike 0:VPN-GW:225: out 6C1C70D3DEAB4BAB31F33050DFA3E7390110020000000000000000980D0000400000000100000001000000340101080100000000000000000000002400010000800100058004000580020002800B0001000C000400007080800300010D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE00000000
ike 0:VPN-GW:225: sent IKE msg (P1_RETRANSMIT): FORTIGW:500->SRX-GW:500, len=152, id=6c1c70d3deab4bab/31f33050dfa3e739
ike 0: comes SRX-GW:500->FORTIGW:500,ifindex=7....
ike 0: IKEv1 exchange=Identity Protection id=6c1c70d3deab4bab/0000000000000000 len=284
ike 0: in 6C1C70D3DEAB4BAB000000000000000001100200000000000000011C0D000040000000010000000100000034010108016C1C70D3DEAB4BAB0000002400010000800100058004000580020002800B0001000C000400007080800300010D000014AFCAD71368A1F1C96B8696FC775701000D00001427BAB5DC01EA0760EA4E3190AC27C0D00D0000146105C422E76847E43F9684801292AECD0D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000147D9419A65310CA6F2C179D9215529D560D0000144A131C81070358455C5728F20E95452F00000020699369228741C6D4CA094C93E242C9DE19E7B7C60000000500000500
ike 0:VPN-GW:225: retransmission, re-send last message
ike 0:VPN-GW:225: out 6C1C70D3DEAB4BAB31F33050DFA3E7390110020000000000000000980D0000400000000100000001000000340101080100000000000000000000002400010000800100058004000580020002800B0001000C000400007080800300010D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE00000000
ike 0:VPN-GW:225: sent IKE msg (retransmit): FORTIGW:500->SRX-GW:500, len=152, id=6c1c70d3deab4bab/31f33050dfa3e739
ike 0:VPN-GW:225: out 6C1C70D3DEAB4BAB31F33050DFA3E7390110020000000000000000980D0000400000000100000001000000340101080100000000000000000000002400010000800100058004000580020002800B0001000C000400007080800300010D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE00000000
ike 0:VPN-GW:225: sent IKE msg (P1_RETRANSMIT): FORTIGW:500->SRX-GW:500, len=152, id=6c1c70d3deab4bab/31f33050dfa3e739
ike 0: comes SRX-GW:500->FORTIGW:500,ifindex=7....
ike 0: IKEv1 exchange=Identity Protection id=6c1c70d3deab4bab/0000000000000000 len=284
ike 0: in 6C1C70D3DEAB4BAB000000000000000001100200000000000000011C0D000040000000010000000100000034010108016C1C70D3DEAB4BAB0000002400010000800100058004000580020002800B0001000C000400007080800300010D000014AFCAD71368A1F1C96B8696FC775701000D00001427BAB5DC01EA0760EA4E3190AC27C0D00D0000146105C422E76847E43F9684801292AECD0D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000147D9419A65310CA6F2C179D9215529D560D0000144A131C81070358455C5728F20E95452F00000020699369228741C6D4CA094C93E242C9DE19E7B7C60000000500000500
ike 0:VPN-GW:225: retransmission, re-send last message
ike 0:VPN-GW:225: out 6C1C70D3DEAB4BAB31F33050DFA3E7390110020000000000000000980D0000400000000100000001000000340101080100000000000000000000002400010000800100058004000580020002800B0001000C000400007080800300010D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC77570100000000148299031757A36082C6A621DE00000000
ike 0:VPN-GW:225: sent IKE msg (retransmit): FORTIGW:500->SRX-GW:500, len=152, id=6c1c70d3deab4bab/31f33050dfa3e739
ike 0:VPN-GW:225: negotiation timeout, deleting
ike 0:VPN-GW: connection expiring due to phase1 down
ike 0:VPN-GW: deleting
ike 0:VPN-GW: deleted
ike 0:VPN-GW: schedule auto-negotiate
ike 0:VPN-GW: auto-negotiate connection
ike 0:VPN-GW: created connection: 0x115e9900 7 FORTIGW->SRX-GW:500.
ike 0:VPN-GW:226: initiator: main mode is sending 1st message...
ike 0:VPN-GW:226: cookie 24e6964da61bc752/0000000000000000
ike 0:VPN-GW:226: out 24E6964DA61BC752000000000000000001100200000000000000011C0D000034000000010000000100000028010100010000002001010000800B0001800C7080800100058003000180020002800400050D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000
ike 0:VPN-GW:226: sent IKE msg (ident_i1send): FORTIGW:500->SRX-GW:500, len=284, id=24e6964da61bc752/0000000000000000
ike 0:VPN-GW:226: out 24E6964DA61BC752000000000000000001100200000000000000011C0D000034000000010000000100000028010100010000002001010000800B0001800C7080800100058003000180020002800400050D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000
ike 0:VPN-GW:226: sent IKE msg (P1_RETRANSMIT): FORTIGW:500->SRX-GW:500, len=284, id=24e6964da61bc752/0000000000000000
ike 0:VPN-GW:226: out 24E6964DA61BC752000000000000000001100200000000000000011C0D000034000000010000000100000028010100010000002001010000800B0001800C7080800100058003000180020002800400050D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000
ike 0:VPN-GW:226: sent IKE msg (P1_RETRANSMIT): FORTIGW:500->SRX-GW:500, len=284, id=24e6964da61bc752/0000000000000000
Thank you in advance.
Sam.