Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
subramanis
Staff
Staff

Created on ‎07-26-2024 03:50 AM

Article Id 328232

Troubleshooting Tip: ADVPN error 'auto-discovery-receiver is disabled, ignoring'

Description This article describes the solution for the error 'auto-discovery-receiver is disabled, ignoring' that appears during an IKE debug with ADVPN setup.
Scope FortiGate.
Solution

This error appears while troubleshooting an IPsec tunnel using the IKE debug command:

 

diagnose debug application ike -1

diagnose debug console timestamp enable

diagnose debug enable

 

The error in the debug output is as follows:

 

FortiGate-100F # ike shrank heap by 135168 bytes
ike shrank heap by 135168 bytes
ike shrank heap by 135168 bytes
ike 0: comes 157.96.26.132:500->132.132.132.1:500,ifindex=7,vrf=0....
ike 0: IKEv2 exchange=INFORMATIONAL id=51dc17629bb3c0b7/726060f434b96957 len=208
ike 0: in 51DC17629BB3C0B7726060F434B969572E20250000000000000000D0290000B4ED5FF8EB28C9AA3FF3EAEB8766B80CB8DD2B5A140105C1623234399EB04ACA66E4F30D6152D42226B91D9A6C5164D6958952A45123859D25C89DFDCAEC0F334EB723F3F332AFE94E3BD39D89EDD1495902123E881DB18B0566F30A0D6F551BDBB463B67793D9FDB962E253214EE738010C733B959F24176E01D07BE1ADB1A69A61AE0CF76383EB6962E71D5DB532FF62719A2EA9A6D4902B2A2B8E612485C768420ABA506EB9B71F62AB934D65FE7158
ike 0:DC_SPOKE:0: dec 51DC17629BB3C0B7726060F434B969572E20250000000000000000A829000004000000880000F0FBEFBEADDE000000000100000000010004AC1E040100030004AC1E040500070040CA9EF39C4C5DFD0F2B5563A0D0BA0A55744EAB1EC22A6C16773D6175B7EC4B6C0CD29F5863C14DB34B238697E4BA4799CFFA3EDCCC550CA5CEFF422B49E8389E000B000102000000000C000100010000000D000485858501000F000201F40000

ike 0:DC_SPOKE:0: received informational request
ike 0:DC_SPOKE:0: processing notify type SHORTCUT_OFFER
ike 0:DC_SPOKE: auto-discovery-receiver is disabled, ignoring    <- - - - - -
ike 0:DC_SPOKE:0: enc 0F0E0D0C0B0A0908070605040302010F
ike 0:DC_SPOKE:0: out 51DC17629BB3C0B7726060F434B969572E2025280000000000000050000000347FC7486FA94DC5E045BE867EFE2C30C36C515A8DEA8482F025F517608D5605CF4E377FD17536C4477C4231D5C235AD15
ike 0:DC_SPOKE:0: sent IKE msg (INFORMATIONAL_RESPONSE): 132.132.132.1:500->157.96.26.132:500, len=80, vrf=0, id=51dc17629bb3c0b7/726060f434b96957

 

Enable network-id on the ADVPN Hub and Spoke tunnel in the VPN configuration using the following command to solve this. The network-id should match the Hub and Spoke, but the network-id can be anything

ADVPN Hub:
 
config vpn ipsec phase1-interface
    edit <phase1-name>
        set network-overlay enable
        set network-id 10
    end
 
ADVPN Spoke:
 
config vpn ipsec phase1-interface
    edit <phase1-name>
        set network-overlay enable
        set network-id 10
  end
253
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.