Description | This article explains why an IPsec site-to-site VPN between FortiGate and Sonicwall fails with the error message 'ignoring unencrypted INVALID-COOKIE'. |
Scope | FortiGate, IPsec |
Solution |
Topology: FortiGate (private IP on WAN interface) -> NAT router (Azure) -> IPsec -> Sonicwall
The IPsec VPN fails to establish when the Sonicwall points to a dynamic IP (i.e. FortiDDNS). Debug output on the FortiGate shows 'ignoring unencrypted INVALID-COOKIE' after the second message is received by the initiator, followed by a retransmit.
Note: The Sonicwall does not properly recognize the NAT'ed IP.
To address this issue, on the Sonicwall side, set the Peer ID (IPv4 Address) to the FortiGate's private IP, which faces the NAT router. |
Copyright 2024 Fortinet, Inc. All Rights Reserved.