AnthonyH
Staff
Article Id 278502
Description: This article describes how to check, from the CLI, whether a FortiGate is the IKE initiator or the IKE responder of an IPsec VPN tunnel.
Scope: FortiGate.
Solution

To determine which device is acting as the IKE initiator and which as the responder, run the following command on each FortiGate:

diagnose vpn ike gateway list

Example output:

FortiGate 1:

vd: root/0
name: ipsec
version: 1
interface: port1 3
addr:
created: 51s ago    --> The original (first) IKE SA was established 51s ago.
IKE SA: created 1/2  established 1/1  time 1640/1640/1640 ms    --> This is the second IKE SA (1 rekey).
IPsec SA: created 0/0

  id/spi: 923 888200ea8ea025c9/ebc375ac5f914ca2
  direction: responder
  status: established 25-23s ago = 1640ms    --> This specific IKE SA was established 1646s ago.
  proposal: aes256-sha256
  key: bb378e79fc304664-42605bc5545ff882-5abb8d8378d21bbf-45eff916409de6e3
  lifetime/rekey: 86400/86106    --> hard timeout = 86400s (constant value). The next rekey initiated by this side is due in 86106s (counts down).
  DPD sent/recv: 00000000/00000000

FortiGate 2:

vd: root/0
name: ipsec
version: 1
interface: port1 3
addr:
tun_id:
remote_location: 0.0.0.0
network-id: 0
created: 7s ago    --> The original (first) IKE SA was established 7s ago.
IKE SA: created 1/1  established 1/1  time 1640/1640/1640 ms    --> This is the first IKE SA (0 rekeys).
IPsec SA: created 0/0

  id/spi: 771 888200ea8ea025c9/ebc375ac5f914ca2
  direction: initiator
  status: established 7-5s ago = 1640ms
  proposal: aes256-sha256
  key: bb378e79fc304664-42605bc5545ff882-5abb8d8378d21bbf-45eff916409de6e3
  lifetime/rekey: 86400/86094    --> hard timeout = 86400s (constant value). The next rekey initiated by this side is due in 86094s (counts down).
  DPD sent/recv: 00000000/00000000
In the output above, the direction field shows that FortiGate 1 is the responder and FortiGate 2 is the initiator. Note that direction is printed per IKE SA and describes the SA currently in use: an IKE rekey can be started by either peer, so after a rekey the roles may differ from those of the original negotiation. The IKE SA: created X/Y counter (Y total SAs created, so Y-1 rekeys) tells you whether the SA you are looking at is the original one.
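When the same check has to be repeated across many tunnels or devices, it is convenient to parse the command output instead of reading it by eye. The following parser is an added example written for this article, not Fortinet code; it assumes the field layout shown above (vd:, name:, created:, IKE SA: created X/Y, id/spi:, direction:, lifetime/rekey:), which may differ between FortiOS versions. The sample inputs are the two gateway entries from the article with the explanatory arrows and the key material removed, so they look like what the CLI actually prints.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: FortiGate 1's entry from the article (annotations and key line removed).
FGT1_OUTPUT = """\
vd: root/0
name: ipsec
version: 1
interface: port1 3
addr:
created: 51s ago
IKE SA: created 1/2  established 1/1  time 1640/1640/1640 ms
IPsec SA: created 0/0

  id/spi: 923 888200ea8ea025c9/ebc375ac5f914ca2
  direction: responder
  status: established 25-23s ago = 1640ms
  proposal: aes256-sha256
  lifetime/rekey: 86400/86106
  DPD sent/recv: 00000000/00000000
"""

# Constructed sample input: FortiGate 2's entry from the article (annotations and key line removed).
FGT2_OUTPUT = """\
vd: root/0
name: ipsec
version: 1
interface: port1 3
addr:
tun_id:
remote_location: 0.0.0.0
network-id: 0
created: 7s ago
IKE SA: created 1/1  established 1/1  time 1640/1640/1640 ms
IPsec SA: created 0/0

  id/spi: 771 888200ea8ea025c9/ebc375ac5f914ca2
  direction: initiator
  status: established 7-5s ago = 1640ms
  proposal: aes256-sha256
  lifetime/rekey: 86400/86094
  DPD sent/recv: 00000000/00000000
"""


@dataclass
class IkeSa:
    spi: str
    direction: str = "unknown"
    lifetime: int = 0   # hard timeout in seconds (constant)
    rekey: int = 0      # seconds until this side initiates a rekey (counts down)


@dataclass
class Gateway:
    vd: str
    name: str = ""
    created_ago: str = ""     # age of the original (first) IKE SA, e.g. "51s ago"
    ike_current: int = 0      # live IKE SAs: "created 1/2" -> 1
    ike_total: int = 0        # IKE SAs created since the tunnel came up: "created 1/2" -> 2
    sas: List[IkeSa] = field(default_factory=list)

    @property
    def rekeys(self) -> int:
        # Every IKE SA created after the first one is the result of a rekey.
        return max(self.ike_total - 1, 0)

    @property
    def direction(self) -> str:
        # The role belongs to the current IKE SA, so report the last SA block seen.
        return self.sas[-1].direction if self.sas else "unknown"


def parse_ike_gateway_list(text: str) -> List[Gateway]:
    """Parse 'diagnose vpn ike gateway list' output into Gateway records (assumed layout)."""
    gateways: List[Gateway] = []
    gw: Optional[Gateway] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "vd":                      # a new gateway entry starts with its VDOM
            gw = Gateway(vd=value)
            gateways.append(gw)
            continue
        if gw is None:
            continue
        if key == "name":
            gw.name = value
        elif key == "created":
            gw.created_ago = value
        elif key == "IKE SA":
            m = re.match(r"created (\d+)/(\d+)", value)
            if m:
                gw.ike_current, gw.ike_total = int(m.group(1)), int(m.group(2))
        elif key == "id/spi":                # "923 <ispi>/<rspi>" -> keep the SPI pair
            gw.sas.append(IkeSa(spi=value.split()[-1]))
        elif key == "direction" and gw.sas:
            gw.sas[-1].direction = value
        elif key == "lifetime/rekey" and gw.sas:
            lifetime, rekey = value.split("/", 1)
            gw.sas[-1].lifetime, gw.sas[-1].rekey = int(lifetime), int(rekey)
    return gateways


def summarize(gw: Gateway) -> str:
    """One-line summary of role and rekey state for a gateway."""
    sa = gw.sas[-1] if gw.sas else IkeSa(spi="-")
    return (f"{gw.name}: {gw.direction}, first IKE SA created {gw.created_ago}, "
            f"{gw.rekeys} rekey(s), next rekey in {sa.rekey}s of {sa.lifetime}s")


if __name__ == "__main__":
    for label, output in (("FortiGate 1", FGT1_OUTPUT), ("FortiGate 2", FGT2_OUTPUT)):
        for gateway in parse_ike_gateway_list(output):
            print(f"{label} -> {summarize(gateway)}")
```

Feed it the raw text of the command (for example captured over SSH) one device at a time; each vd: line opens a new gateway record, so a device with several tunnels yields one record per tunnel, and the summary makes it easy to spot a tunnel whose role has changed after a rekey.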