Description
This article describes possible issues when trying to establish L2TP over IPsec with the Windows VPN client.
If IKE debug output captured during a connection attempt shows the Windows VPN client sending requests to delete the IPsec SA and the ISAKMP SA, there are 3 possible causes.
diag deb res
diag deb app ike -1
diag deb en
……
ike 0: comes 10.109.20.8:500->10.109.17.18:500,ifindex=44....
ike 0: IKEv1 exchange=Informational id=0bff1eef8377cfc7/89fa3fd20f302705:bd169de3 len=76
ike 0: in 0BFF1EEF8377CFC789FA3FD20F30270508100501BD169DE30000004CF088093033BB59FC176A7AA54D4905EA1721DE822191D71538384A368B2EC28AB181D9481591DA1AD4FF002B07FBFC48
ike 0:L2TP_0:0: dec 0BFF1EEF8377CFC789FA3FD20F30270508100501BD169DE30000004C0C0000189E219D6874BF26E2C12DE4528A20E7FC4FDD7041000000100000000103040001B08931860000000000000000
ike 0:L2TP_0:0: recv IPsec SA delete, spi count 1
ike 0:L2TP_0: deleting IPsec SA with SPI b0893186
ike 0:L2TP_0:L2TP-p2: deleted IPsec SA with SPI b0893186, SA count: 0
ike 0:L2TP_0:0: del route 10.109.20.8/255.255.255.255 oif L2TP_0(51) metric 15 priority 0
ike 0:L2TP_0: sending SNMP tunnel DOWN trap for L2TP-p2
ike 0:L2TP_0:L2TP-p2: delete
ike 0: comes 10.109.20.8:500->10.109.17.18:500,ifindex=44....
ike 0: IKEv1 exchange=Informational id=0bff1eef8377cfc7/89fa3fd20f302705:ff7eeb85 len=84
ike 0: in 0BFF1EEF8377CFC789FA3FD20F30270508100501FF7EEB8500000054119E5FB03F125032AB31EB8634042BB841775170B47EFAC547A2307D538EA4A3B64CAD7359271F396E82245CC0CE78D370C66A0E778FED66
ike 0:L2TP_0:0: dec 0BFF1EEF8377CFC789FA3FD20F30270508100501FF7EEB85000000540C0000189794A5DA2B604D6F53536810F0CAF564F0CB0FE80000001C00000001011000010BFF1EEF8377CFC789FA3FD20F30270500000000
ike 0:L2TP_0:0: recv ISAKMP SA delete 0bff1eef8377cfc7/89fa3fd20f302705
ike 0:L2TP_0: deleting
ike 0:L2TP_0: flushing
ike 0:L2TP_0: sending SNMP tunnel DOWN trap
ike 0:L2TP_0: flushed
ike 0:L2TP_0: delete dynamic
ike 0:L2TP_0: deleted
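The two `dec` lines in the output above are the decrypted IKEv1 Informational messages, and decoding them shows exactly which SA the client asked to delete. The following parser is an added example, not part of the original article or any Fortinet tooling; its function names are hypothetical, and the payload layout and type numbers are those of RFC 2407/2408.

```python
import struct

# Hex copied from the two "dec" (decrypted) lines in the debug output above.
DEC_IPSEC_DELETE = ("0BFF1EEF8377CFC789FA3FD20F30270508100501BD169DE30000004C"
                    "0C0000189E219D6874BF26E2C12DE4528A20E7FC4FDD7041"
                    "000000100000000103040001B08931860000000000000000")
DEC_ISAKMP_DELETE = ("0BFF1EEF8377CFC789FA3FD20F30270508100501FF7EEB8500000054"
                     "0C0000189794A5DA2B604D6F53536810F0CAF564F0CB0FE8"
                     "0000001C00000001011000010BFF1EEF8377CFC789FA3FD20F30270500000000")

DELETE = 12                                    # RFC 2408 payload type for Delete
EXCHANGES = {2: "Identity Protection", 4: "Aggressive", 5: "Informational", 32: "Quick Mode"}
PROTOCOLS = {1: "ISAKMP", 2: "AH", 3: "ESP"}   # RFC 2407 protocol IDs

def parse_delete(body):
    """Decode a Delete payload body: DOI, protocol ID, SPI size, SPI count, SPIs."""
    if len(body) < 8:
        raise ValueError("Delete payload shorter than its fixed fields")
    doi, proto, spi_size, count = struct.unpack("!IBBH", body[:8])
    if 8 + spi_size * count > len(body):
        raise ValueError("SPI list runs past the end of the Delete payload")
    spis = [body[8 + i * spi_size:8 + (i + 1) * spi_size].hex() for i in range(count)]
    return {"doi": doi, "protocol": PROTOCOLS.get(proto, proto), "spis": spis}

def parse_isakmp(hex_msg):
    """Parse the ISAKMP header, walk the payload chain, collect Delete payloads."""
    data = bytes.fromhex(hex_msg)
    if len(data) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, nxt, _ver, exch, _flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", data[:28])
    msg = {"cookies": f"{icookie.hex()}/{rcookie.hex()}", "msgid": f"{msgid:08x}",
           "exchange": EXCHANGES.get(exch, exch), "length": length, "deletes": []}
    off, end = 28, min(length, len(data))
    while nxt and off + 4 <= end:
        # Generic payload header: next payload, reserved, payload length
        following, _reserved, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > end:
            raise ValueError(f"bad payload length {plen} at offset {off}")
        if nxt == DELETE:
            msg["deletes"].append(parse_delete(data[off + 4:off + plen]))
        nxt, off = following, off + plen
    return msg

if __name__ == "__main__":
    for sample in (DEC_IPSEC_DELETE, DEC_ISAKMP_DELETE):
        print(parse_isakmp(sample))
```

The first message carries an ESP delete for SPI b0893186 and the second an ISAKMP delete whose SPI is the cookie pair, matching the `recv IPsec SA delete` and `recv ISAKMP SA delete` lines that follow each `dec` line.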
Scope
FortiGate.
Solution
To create a new DWORD, select any blank white space and select New -> DWORD (32-bit) Value.
To change the value to 2, right-click the newly created DWORD and select Modify.
For public knowledge, this issue is more related to the Windows environment than to the FortiGate. If anybody has any doubt about it, please check the official link: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-l2tp-ipsec-server...
Copyright 2024 Fortinet, Inc. All Rights Reserved.