FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to troubleshoot the error 'failed to create dialup instance, error 22: Invalid argument'
Scope
Dial-up IPsec, FortiGate v7.0.12 and prior, v7.2.7, v7.2.8, v7.4.1 and prior.
Solution
If there is a dial-up VPN tunnel that fails between the spoke and the hub, and on the hub, ike debug logs show the following output:
Hub Output:
ike 0:EDGE_INET1_c4: tunnel created tun_id 10.15.54.118/::10.14.82.54 remote_location 10.255.208.231-----remote_location 10.255.208.31 is the location-id set at spoke ike 0:EDGE_INET1_c4: failed to add member ike 0:EDGE_INET1_c4: failed to create dialup instance, error 22: Invalid argument-----error ike 0:EDGE_INET1:198686515: schedule delete of IKE SA 8f8c190604b8f40d/ec0f26f45865b195 ike 0:EDGE_INET1:198686515: scheduled delete of IKE SA 8f8c190604b8f40d/ec0f26f45865b195 ike 0:EDGE_INET1: deleting IPsec SA with SPI b6b07f9d ike 0:EDGE_INET1: IPsec SA with SPI b6b07f9d deletion failed: 2
This problem occurs with SD-WAN if the location-id is configured on spokes.
Spoke :
config system settings set h323-direct-model enable set gui-dynamic-routing enable set location-id 10.255.208.231 <----- Location-id is configured at the spoke. end
Workaround: Unset the location-id at the spoke device.
Permanent fix: Upgrade the hub device to v7.0.13, v7.2.9 or v7.4.2.
