This article describes how to resolve the error 'received notify type AUTHENTICATION_FAILED' seen in IKE debug output.
FortiGate.
Run the following commands to capture IKE debug output:
diag debug reset
diag debug console timestamp enable
diag debug application ike -1
diag debug enable
The debug output on the FortiGate (acting as initiator) is shown below:
ike 0:AWS-VPN-1_DGT:97642: initiator received AUTH msg
ike 0:AWS-VPN-1_DGT:97642: received notify type AUTHENTICATION_FAILED
ike 0:AWS-VPN-1_DGT:97642: schedule delete of IKE SA effec40b84bde15a/60df297450867f6c
ike 0:AWS-VPN-1_DGT:97642: scheduled delete of IKE SA effec40b84bde15a/60df297450867f6c
ike 0:AWS-VPN-1_DGT: connection expiring due to phase1 down
This issue is likely caused by a pre-shared key mismatch. The peer device detects the mismatch and therefore sends back an AUTH failure.
To resolve this issue, re-enter the same pre-shared key on both sides of the tunnel.
If issues still appear after the above steps, contact the TAC for further assistance.
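As an added example (not Fortinet code), this Python script scans saved IKE debug output for the sequence shown above and reports which tunnel and IKE SA were torn down after the peer's AUTHENTICATION_FAILED notify. The function name, the result fields and the line layout (inferred from the five debug lines in this article) are assumptions.

```python
import re

# Debug lines copied from this article; any prefix before "ike" is skipped.
SAMPLE = """\
ike 0:AWS-VPN-1_DGT:97642: initiator received AUTH msg
ike 0:AWS-VPN-1_DGT:97642: received notify type AUTHENTICATION_FAILED
ike 0:AWS-VPN-1_DGT:97642: schedule delete of IKE SA effec40b84bde15a/60df297450867f6c
ike 0:AWS-VPN-1_DGT:97642: scheduled delete of IKE SA effec40b84bde15a/60df297450867f6c
ike 0:AWS-VPN-1_DGT: connection expiring due to phase1 down
"""

# Layout as seen above: "ike <n>:<tunnel>[:<exchange id>]: <message>"
LINE = re.compile(r"ike \d+:([^:\s]+)(?::(\d+))?: (.*)$")
SA = re.compile(r"delete of IKE SA ([0-9a-f]{16})/([0-9a-f]{16})")


def find_auth_failures(text):
    """Report each exchange in which the peer sent AUTHENTICATION_FAILED."""
    exchanges, down = {}, set()
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        tunnel, conn, msg = m.groups()
        if conn is None:  # tunnel-level line without an exchange id
            if "phase1 down" in msg:
                down.add(tunnel)
            continue
        ex = exchanges.setdefault(
            (tunnel, conn), {"role": None, "failed": False, "spis": None})
        if "initiator received AUTH msg" in msg:
            ex["role"] = "initiator"
        elif "received notify type AUTHENTICATION_FAILED" in msg:
            ex["failed"] = True
        elif SA.search(msg):
            ex["spis"] = SA.search(msg).groups()
    # Only exchanges the peer rejected are reported; the hint follows this article.
    return [
        {"tunnel": t, "exchange": c, "role": ex["role"], "ike_sa": ex["spis"],
         "phase1_down": t in down, "check": "pre-shared key on both peers"}
        for (t, c), ex in exchanges.items() if ex["failed"]
    ]


if __name__ == "__main__":
    for finding in find_auth_failures(SAMPLE):
        print(finding)
```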
Related articles:
Technical Tip: IPsec tunnel is not coming up due to error message AUTHENTICATION_FAILED
Copyright 2024 Fortinet, Inc. All Rights Reserved.