Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
renjithmusafir
New Contributor

Forticlient - Unable to establish vpn - IPSEC

Hello,

 

Okay, I am burning my head on this for the past few days

I have created an ipsec forticlient vpn on a fortigate 70d and is not able to connect. Error on windows pc goes like this

VPN Connection Failed. Please check your configuration, network conenction and pre-shared key, then retry your connection......

Forticlient log goes like this 

3/24/2015 11:37:18 AM Notice VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.xxx.xxx loc_port=500 rem_ip=xx.xx.xx.xx rem_port=500 out_if=0 vpn_tunnel=New nav action=negotiate init=local mode=aggressive stage=1 dir=outbound status=success Initiator: sent xx.xx.xx.xx aggressive mode message #1 (OK)" vpntunnel="New nav" vpntype=ipsec

3/24/2015 11:37:18 AM Error VPN id=96567 msg="negotiation error, loc_ip=xxx.xxx.xxx.xxx loc_port=4500 rem_ip=xx.xx.xx.xx rem_port=4500 out_if=0 vpn_tunnel=New nav status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed xx.xx.xx.xx aggressive mode message #1 " vpntunnel="New nav" vpntype=ipsec

 

3/24/2015 11:37:30 AM Warning VPN id=96561 msg="locip=xxx.xxx.xxx.xxx locport=4500 remip=xx.xx.xx.xx remport=4500 outif=0 vpntunnel=New nav status=negotiate_error No response from the peer, phase1 retransmit reaches maximum count..." vpntunnel="New nav" vpntype=ipsec

In Mac it goes like this, 

Preshared key is incorrect 

I know the preshared key is correct.This connection was working until 2 weeks back. Dont know what went wrong.

The fortigate log says " Action : negotiate   Status: failureprogress Message: IPsec phase 1

 

 Any help would be much appreciated. 

2 REPLIES 2
Rewanta_FTNT
Staff
Staff

hi, 

 

looking into the vpn event logs, it seems like negotations errors this would mainly happen due to mis-configuration. 

 

-you can debug the ike (isakmp packets) from fgt

diag debug rest

diag debug console timestamp enable

diag vpn ike log-filter dst-addr4 <client_public_ip>

diag debug app ike -1

-vpn configuration. 

 

You may follow the videos:

http://docs.fortinet.com/d/fortigate-video-ipsec-vpn

 

thanks,

rewanta

 

vladyka

Hi renjithmusafir - did you manage to resolve this issue? I'm having the same problem and have spent a couple of hours trying to solve it but without success.

 

many thanks,

Regards,

Igor