rbarnes
Staff
Article Id 381452
Description This article explains that an IPv4 address is not supported as the Peer ID for IPsec VPN tunnels.
Scope FortiGate v7.2, v7.4, v7.6.
Solution

In the following example, a site-to-site dialup tunnel is configured with a Peer ID because there are multiple tunnels on the same FortiGate. The tunnel does not come up: the IPv4 address used as the Peer ID is causing the tunnel to fail.

All other settings are correct and in place.

Remote tunnel settings:

config vpn ipsec phase1-interface
    edit "bgpfun"
        set interface "port3"
        set mode aggressive
        set peertype any
        set net-device disable
        set proposal aes128-sha1 aes256-sha1
        set localid "192.168.194.99"
        set localid-type address
        set remote-gw 192.168.194.99
        set psksecret xxxxx
    next
end

Local tunnel settings:

config vpn ipsec phase1-interface
    edit "bgpfun"
        set type dynamic
        set interface "port3"
        set mode aggressive
        set peertype one
        set net-device disable
        set proposal aes128-sha1 aes256-sha1
        set dpd on-idle
        set peerid "192.168.194.99"
        set psksecret xxxxx
        set dpd-retryinterval 60
    next
end

IKE debug output (snippet):

2025-03-05 16:3:46.059299 ike 0:bgpfun:2783: peer is FortiGate/FortiOS (v0 b0)
2025-03-05 16:34:46.059703 ike 0:bgpfun:2783: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
2025-03-05 16:34:46.060180 ike 0:bgpfun:2783: VID FRAGMENTATION  0
2025-03-05 16:34:46.060704 ike 0:bgpfun:2783: peer identifier IPV4_ADDR 192.168.194.99
2025-03-05 16:34:46.061145 ike 0:bgpfun:2783: error, received 'c' expected '192.168.194.99'
0::2784: peer identifier IPV4_ADDR 12.168.194.99
2025-03-05 16:34:49.009670 ike 0:bgpfun: ignoring IKE request, incorrect ID.

2025-03-05 16:34:46.010366 ike 0::2782: peer identifier IPV4_ADDR 192.168.194.99
2025-03-05 16:34:46.010784 ike 0:bgpfun: ignoring IKE request, incorrect ID.

The debug output shows the tunnel failing: the IKE request is ignored because the received ID does not match the configured Peer ID.

This is because an IPv4 address is not supported as the Peer ID, as documented in known issue 1109028.

Configure a text string as the Peer ID and Local ID in the tunnel setup instead.

config vpn ipsec phase1-interface
    edit "bgpfun"
        set interface "port3"
        set mode aggressive
        set peertype any
        set net-device disable
        set proposal aes128-sha1 aes256-sha1
        set localid "bgpfun"
        set remote-gw 192.168.194.99
        set psksecret xxxxx
    next
end

The local tunnel settings:

config vpn ipsec phase1-interface
    edit "bgpfun"
        set interface "port3"
        set mode aggressive
        set peertype one
        set net-device disable
        set proposal aes128-sha1 aes256-sha1
        set remote-gw 192.168.194.50
        set peerid "bgpfun"
        set psksecret xxxxx
    next
end

With a text string as the ID on both sides, the tunnel comes up.

This behavior will be fixed in v7.6.3.
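As an added example (not part of this article and not Fortinet's tooling), the following Python script parses "config vpn ipsec phase1-interface" output and flags any peerid or localid that is set to an IPv4 address, so the unsupported setup described above can be caught in a configuration review before a tunnel fails to come up. The SAMPLE configuration is constructed from the article's tunnel settings.

```python
# Added example (not Fortinet code): scan 'config vpn ipsec phase1-interface' output
# for peerid/localid set to an IPv4 address. SAMPLE is constructed from the article.
import ipaddress
import re

EDIT_RE = re.compile(r'^\s*edit\s+"?([^"]*)"?\s*$')
SET_RE = re.compile(r'^\s*set\s+(\S+)\s+(.*?)\s*$')
END_RE = re.compile(r'^\s*(next|end)\s*$')

def is_ipv4(value: str) -> bool:
    # FortiOS quotes string values; strip the quotes before parsing.
    try:
        ipaddress.IPv4Address(value.strip('"'))
        return True
    except ValueError:
        return False

def parse_phase1(text: str) -> dict:
    # Returns {tunnel_name: {setting: value}} for each 'edit ... next' block.
    tunnels, current = {}, None
    for line in text.splitlines():
        if m := EDIT_RE.match(line):
            current = m.group(1)
            tunnels[current] = {}
        elif END_RE.match(line):
            current = None
        elif current is not None and (m := SET_RE.match(line)):
            tunnels[current][m.group(1)] = m.group(2).strip('"')
    return tunnels

def find_ipv4_ids(text: str) -> list:
    # Each hit is (tunnel, key, value) for a peerid/localid that is an IPv4 address.
    hits = []
    for name, settings in parse_phase1(text).items():
        for key in ("peerid", "localid"):
            value = settings.get(key)
            if value is not None and is_ipv4(value):
                hits.append((name, key, value))
    return hits

SAMPLE = """\
config vpn ipsec phase1-interface
    edit "bgpfun"
        set peerid "192.168.194.99"
    next
    edit "bgpfun-fixed"
        set peerid "bgpfun"
    next
end
"""
```

Run find_ipv4_ids() over the output of "show vpn ipsec phase1-interface"; every hit names a tunnel whose ID should be changed to a text string.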