FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
RV2
Staff
Staff
Article Id 341666
Description This article describes how to address one possible failure scenario of P2 establishment on an S2S IPsec tunnel between FortiGate and Sonicwall.
Scope FortiGate.
Solution

If P2 fails to establish for a site-to-site IPsec tunnel between FortiGate and Sonicwall, it may show the following error in the IKE debug or VPN event logs:

 

INVALID-ID-INFORMATION

 

If this occurs, check the phase 2 source and destination networks to ensure they match on both sides. Ensuring they match will fix the issue.

 

The IKE debug should show P2 retransmissions with the previously mentioned error code when the issue happens:

 

p2 error.png

 

 

Contributors