Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
alwis
Staff
Staff

Created on ‎04-20-2022 07:30 AM Edited on ‎04-20-2022 07:31 AM By Anonymous

Article Id 209842

Troubleshooting Tip: IPSec site-to-site VPN between FortiGate and Sonicwall fails with error message 'ignoring unencrypted INVALID-COOKIE'.

Description This article explains about IPSec site-to-site VPN between FortiGate and Sonicwall fails with error message 'ignoring unencrypted INVALID-COOKIE'.
Scope

 FortiGate, IPSec
Solution

Topology

<< Fortigate -> NAT Router ->IPsec -> Sonicwall >>

 

IPsec VPN failed to established when Sonicwall pointing to dynamic IP [i.e FortiDDNS]. Debug output on FortiGate  shows, after second message is received by initiator 'ignoring unencrypted INVALID-COOKIE'  and retransmit.

 

To address this issue, on Sonicwall side change the Peer ID [IPV4 Address] to be the FortiGate's private IP which is facing the NAT Router. 
Labels:
1237
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.