Explorer

Question

No response from peer error

Forum|Forum|1 year ago
November 13, 2024
3 replies
2681 views

When i try to connect to vpn through IPSEC IKv2 on specific devices its giving me no response from peer. i tried everything and even opened the specific ports on the firewall and router thought maybe it could block the connection and still the same issue.

image (1).png

pminarik

Staff

Check ike debug on the receiving end (FGT):

> diag vpn ike log filter clear
> diag vpn ike log filter dst-addr4 <public IP of your client>

> diag debug app ike 63

> diag debug enable

INT1Author

Explorer

didnt help ipsec has alot of problems everyday im getting a new issue and its not easy to solve

pminarik

Staff

Those commands aren't supposed to help, they're supposed to generate outputs, which can then be analyzed to guide towards resolution or further analysis.

dingjerry_FTNT

Staff

Hi @INT1 ,

It seems that the client is using FCT to connect to the IPSec VPN, which must be a dial-up VPN.

You mentioned "even opened the specific ports on the firewall and router": What specific ports are they?

Anyway, please make sure that port 4500 is open on the upstream router.

INT1Author

Explorer

hello, the specific ports are 500 and 4500 on both the firewall and the router's firewall and still having an issue.

sjoshi

Staff

Hi @INT1 ,

Please run the pcap and verify the traffic from one end is reaching the other end

diag sniff packet any 'host x.x.x.x and (port 500 or port 4500)' 4 0 l >> where x.x.x.x is the remote peer IP

If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded