Description
This article describes the error 'ike Negotiate SA Error: ike ike [1470]', which occurs when the phase-2 Perfect Forward Secrecy (PFS) setting is mismatched between the two peers. In most cases it is seen on a site-to-site VPN between a FortiGate and a third-party firewall.
Scope
FortiGate 7.0.9 and 7.2.3 and above.
Solution
To collect IKE debug output for the affected tunnel only, filter on the remote peer:
diagnose vpn ike log-filter dst-addr4 x.x.x.x <----- Where x.x.x.x is the remote peer IP address.
The following are the other options for the IKE filter:
To stop the debugs:
diagnose debug disable
Note: Starting from v7.4.1, the 'diagnose vpn ike log-filter dst-addr4' command has been changed to 'diagnose vpn ike log filter rem-addr4'. To filter on multiple IPv4 remote gateway addresses, 'diagnose vpn ike log filter mrem-addr4' can be used.
The IKE debug logs will appear as below:
ike 4:test-P1:18317:test-P2:228618: PFS is disabled
ike 4:test-P1:18317:test-P2:228618: lifetime=3600
ike 4:test-P1:18317:test-P2:228618: no proposal chosen
ike Negotiate SA Error: ike ike [1470]
Solution: Verify the PFS setting in the phase-2 configuration on both sides and make sure the phase-2 DH group is identical on both peers.
It is also possible to use the CLI:
config vpn ipsec phase2-interface
(phase2-interface) # edit test
(test) # set pfs enable
(test) # set dhgrp 14
(test) # end
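As an added example that is not part of the Fortinet article, the following Python script parses IKE debug lines in the format shown above and flags tunnels where the phase-2 proposal was rejected while PFS was off on this side, the signature the article attributes to a PFS / DH-group mismatch. The line layout 'ike <n>:<phase1>:<serial>:<phase2>:<serial>: <message>' is inferred from the article's output, and the sample log is constructed (the article's lines plus a second tunnel, branch-P1/branch-P2, that was not rejected).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
# Assumed line layout, inferred from the debug output in the article:
#   ike <n>:<phase1-name>:<p1-serial>:<phase2-name>:<p2-serial>: <message>
LINE_RE = re.compile(r"^ike\s+\d+:(?P<p1>[^:]+):\d+:(?P<p2>[^:]+):\d+:\s*(?P<msg>.*)$")
# Constructed sample: the article's lines for test-P1/test-P2, plus a second
# tunnel (branch-P1/branch-P2) that also has PFS off but was not rejected.
SAMPLE_LOG = """\
ike 4:test-P1:18317:test-P2:228618: PFS is disabled
ike 4:test-P1:18317:test-P2:228618: lifetime=3600
ike 4:test-P1:18317:test-P2:228618: no proposal chosen
ike Negotiate SA Error: ike ike [1470]
ike 5:branch-P1:101:branch-P2:77: PFS is disabled
ike 5:branch-P1:101:branch-P2:77: lifetime=3600
"""

@dataclass
class TunnelState:
    pfs_disabled: bool = False
    lifetime: Optional[int] = None
    no_proposal: bool = False

def parse_ike_debug(text: str) -> Dict[Tuple[str, str], TunnelState]:
    """Collect per-tunnel phase-2 facts, keyed by (phase1 name, phase2 name)."""
    tunnels: Dict[Tuple[str, str], TunnelState] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:  # e.g. the bare "Negotiate SA Error" line carries no tunnel key
            continue
        st = tunnels.setdefault((m["p1"], m["p2"]), TunnelState())
        msg = m["msg"]
        if msg == "PFS is disabled":
            st.pfs_disabled = True
        elif msg.startswith("lifetime="):
            st.lifetime = int(msg.split("=", 1)[1])
        elif msg == "no proposal chosen":
            st.no_proposal = True
    return tunnels

def find_pfs_mismatches(text: str) -> List[str]:
    """Flag tunnels whose proposal was rejected while PFS was off on this side,
    the signature the article attributes to a phase-2 PFS / DH-group mismatch."""
    findings = []
    for (p1, p2), st in parse_ike_debug(text).items():
        if st.pfs_disabled and st.no_proposal:
            findings.append(f"{p1}/{p2}: PFS disabled locally and no proposal chosen; "
                            "compare 'set pfs' and 'set dhgrp' on both peers")
    return findings
```

Feed it the output captured with the debug filter above; any tunnel it reports should have its phase-2 PFS and DH group compared against the remote peer's configuration.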
Copyright 2025 Fortinet, Inc. All Rights Reserved.