Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: Dialup peer don`t connect to server when recon...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dialup peer don`t connect to server when reconnecting IPsec tunnel
Hello everyone,
I set up a Dialup IPSec tunnel between two FortiGates. The remote FortiGate connects to the server via an external LTE modem. Port forwarding is configured on the modem. If the connection is lost, the tunnel isn't automatically reestablished. Phase 1 appears to be established, but phase 2 isn't. After rebooting the remote Fortigate, the tunnel establishes itself automatically. However, after the connection is lost, it doesn't establish itself again. Where to look for the problem? Here's the debugging log:
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: created connection: 0x9764470 5 192.168.2.2->105.109.199.30:500.
ike V=root:0:VPN_Test_TSw1:348: initiator: aggressive mode is sending 1st message...
ike V=root:0:VPN_Test_TSw1:348: cookie f28a0d09e11de14b/0000000000000000
ike V=root:0:VPN_Test_TSw1:348: generate DH public value request queued
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14B000000000000000001100400000000000000026E0400003C000000010000000100000030010100010000002801010000800B0001000C000400015
18080010007800E010080030001800200028004000E0A000104D73D37B5C846B47FA24CD69E10593530F9EF85CE13638F0357A734F01E0C49B4D78D7022041E6100B7AFEE52C1C3E0EA5B06E8319DBC628
B4B358623A389E993B70D73F79E30DD09F28FB04E937EB8B89EA553EE2C62F694CF4721B5BFF68926F39EB9487E8B4953486A210486287C08CE69320B5F3BB012F3F703CAB0A17549CC1DC327B5E46B08C
86528EE3EAA3F4367C21044031261E304D5FA1C937D2C838237607937F3B9C556BF7D45ADE47B231F030D2BE4E09C643F74EE2ADA0F853EE2B79600632E0989BC550D0702AF34536EED8167442200DE362
DF8C9B99B0F50C78E90CF08F5B74BBDDD81DB7F494DE14B4EF70E3ACEB1E926DC68F3B6EFD0ED05000024A7950136DECC5925100B1001CB2DAE342D1831A1E5D2B98A78FB9AF7C472F0150D00000E0B000
0005465737446470D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086
381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D00001412F5F28C457168A9702D9
FE274CC02040D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (agg_i1send): 192.168.2.2:500->105.109.199.30:500, len=622, vrf=0, id=f28a0d09e11de14b/0000000000000000
ike V=root:0: comes 105.109.199.30:500->192.168.2.2:500,ifindex=5,vrf=0,len=576....
ike V=root:0: IKEv1 exchange=Aggressive id=f28a0d09e11de14b/d5eae735d8a51bc4 len=576 vrf=0
ike 0: in F28A0D09E11DE14BD5EAE735D8A51BC40110040000000000000002400400003C000000010000000100000030010100010000002801010000800B0001000C00040001518080010007800E0100
80030001800200028004000E0A0001046658D172AB99266DBC252654A4BE43590374E21F371470589776181EF50BEA188B6C1060FB136FFCD34352160C021141A4C64B4E0D065D19BEDD56EF99CDB69115
910F98B1216D9910EE9886BCAC47B46A0D0369FCC23B1A3D23EF7DC98AD8E099272F8F560B3DA676C9A3DEDC0C390B20C631BF928BC2CAE4C8A9A18E2579E4EA76C59FDCF60B639DBE6DB7707D561809E0
F2EE8FC0F448004B1FBF9ABD334D0F59270928C3AF7B1E6155232EA3AB1226BCE31F6C86444E29D8807538219A32BF4BB31AC8D0567D77AF807B582DBECE8D1496905543D6456BB85F9F0188768D593E51
BF113504482518A73D58577A5683C7A7D54B0B936D7FE28F0E22DC3C6905000014D2F76DBEABBD56997A627CFA994B59080800000C02000000526F6F740D000018AB43B27421D140CB6C996F5F991BBCF1
9A2EE690140000144A131C81070358455C5728F20E95452F140000184B8A47591332356A79D475825A10618498A0580F0D0000189B94C71424DF0C400387A04BA3B412B8657D79DD0D000014AFCAD71368
A1F1C96B8696FC775701000D00001412F5F28C457168A9702D9FE274CC02040D0000148299031757A36082C6A621DE000000000D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000184048B7D56EBC
E88525E7DE7F00D6C2D3C0000000
ike V=root:0:VPN_Test_TSw1:348: VID RFC 3947 4A131C81070358455C5728F20E95452F
ike V=root:0:VPN_Test_TSw1:348: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike V=root:0:VPN_Test_TSw1:348: DPD negotiated
ike V=root:0:VPN_Test_TSw1:348: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0204
ike V=root:0:VPN_Test_TSw1:348: peer supports UNITY
ike V=root:0:VPN_Test_TSw1:348: VID FORTIGATE 8299031757A36082C6A621DE00000000
ike V=root:0:VPN_Test_TSw1:348: peer is FortiGate/FortiOS (v0 b0)
ike V=root:0:VPN_Test_TSw1:348: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
ike V=root:0:VPN_Test_TSw1:348: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike V=root:0:VPN_Test_TSw1:348: received peer identifier FQDN 'Root'
ike V=root:0:VPN_Test_TSw1:348: negotiation result
ike V=root:0:VPN_Test_TSw1:348: proposal id = 1:
ike V=root:0:VPN_Test_TSw1:348: protocol id = ISAKMP:
ike V=root:0:VPN_Test_TSw1:348: trans_id = KEY_IKE.
ike V=root:0:VPN_Test_TSw1:348: encapsulation = IKE/none
ike V=root:0:VPN_Test_TSw1:348: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike V=root:0:VPN_Test_TSw1:348: type=OAKLEY_HASH_ALG, val=SHA.
ike V=root:0:VPN_Test_TSw1:348: type=AUTH_METHOD, val=PRESHARED_KEY.
ike V=root:0:VPN_Test_TSw1:348: type=OAKLEY_GROUP, val=MODP2048.
ike V=root:0:VPN_Test_TSw1:348: ISAKMP SA lifetime=86400
ike V=root:0:VPN_Test_TSw1:348: received NAT-D payload type 20
ike V=root:0:VPN_Test_TSw1:348: received NAT-D payload type 20
ike V=root:0:VPN_Test_TSw1:348: selected NAT-T version: RFC 3947
ike V=root:0:VPN_Test_TSw1:348: NAT detected: ME
ike V=root:0:VPN_Test_TSw1:348: compute DH shared secret request queued
ike 0:VPN_Test_TSw1:348: ISAKMP SA f28a0d09e11de14b/d5eae735d8a51bc4 key 32:95B4470C719B24F5704BCEB350B100F30E7A7691128D6CDAF3DC5D26A7B26674
ike V=root:0:VPN_Test_TSw1:348: PSK authentication succeeded
ike V=root:0:VPN_Test_TSw1:348: authentication OK
ike V=root:0:VPN_Test_TSw1:348: NAT-T float port 4500
ike V=root:0:VPN_Test_TSw1:348: add INITIAL-CONTACT
ike 0:VPN_Test_TSw1:348: enc F28A0D09E11DE14BD5EAE735D8A51BC40810040100000000000000801400001808C0DBFF1126CDBF9CDC36DDAD2504C38F87DAC214000018F57590E70A8ED26752D23
3CE39973A818E6A8D090B0000182EEA10AF2A93A962B75725FCED62EE35FCB3785C0000001C0000000101106002F28A0D09E11DE14BD5EAE735D8A51BC4
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC408100401000000000000008CE840B1D5E9E961F05DFAC075F4B46BE47254720A844D2CC7EC0CFA327BD7B67C8193238BB9BD8
DB953525965879181282BCA5A7F18BC426F11FF6DA3502C05D0E20C30F35BC8B80ADA0480950E9F20B8966E9860AC2A176947C227381585651ABC4EAC041E02975833BCF5CB37BA2834
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (agg_i2send): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4
ike V=root:0:VPN_Test_TSw1:348: established IKE SA f28a0d09e11de14b/d5eae735d8a51bc4
ike V=root:0:VPN_Test_TSw1:348: check peer route: if_addr4_rcvd=0, if_addr6_rcvd=0, mode_cfg=0
ike V=root:0:VPN_Test_TSw1:348: initiating mode-cfg pull from peer
ike V=root:0:VPN_Test_TSw1:348: mode-cfg request APPLICATION_VERSION
ike V=root:0:VPN_Test_TSw1:348: mode-cfg request INTERNAL_IP4_ADDRESS
ike V=root:0:VPN_Test_TSw1:348: mode-cfg request INTERNAL_IP4_NETMASK
ike V=root:0:VPN_Test_TSw1:348: mode-cfg request UNITY_SPLIT_INCLUDE
ike V=root:0:VPN_Test_TSw1:348: mode-cfg request UNITY_PFS
ike 0:VPN_Test_TSw1:348: enc F28A0D09E11DE14BD5EAE735D8A51BC408100601A7B1376B0000007C0E0000186DAB60911B0ED6B61EFDC52EF525D8BD21875F1C000000480100B1E90007002C466F7
27469476174652D3430462076372E342E382C6275696C64323739352C323530353233202847412E4D2900010000000200007004000070070000
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC408100601A7B1376B0000008C8EDDC8B0AEE4EAFC366AECD809ABD9100629EE4770278C255D141825C874C13EDF463E5897756
823B0729D122B3A0E278A064AA6BC173916EA82A63D98BD4608D195C94C5522AC31F992839E9A2F25785AD8B9A637BC992423363CE65DFF5FAD3872F34225FB5F64C51C73583C8874A4
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (cfg_send): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4:a7b1376b
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500 negotiating
ike V=root:0:VPN_Test_TSw1:348: peer has not completed Configuration Method
ike V=root:0:VPN_Test_TSw1:348:VPN_Test_TSw1:1057: Mode Config pending, queuing quick-mode request
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC408100601A7B1376B0000008C8EDDC8B0AEE4EAFC366AECD809ABD9100629EE4770278C255D141825C874C13EDF463E5897756
823B0729D122B3A0E278A064AA6BC173916EA82A63D98BD4608D195C94C5522AC31F992839E9A2F25785AD8B9A637BC992423363CE65DFF5FAD3872F34225FB5F64C51C73583C8874A4
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (CFG_RETRANS): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4:a7b1376b
ike V=root:0: comes 105.109.199.30:500->192.168.2.2:500,ifindex=5,vrf=0,len=544....
ike V=root:0: IKEv1 exchange=Aggressive id=f28a0d09e11de14b/d5eae735d8a51bc4 len=544 vrf=0
ike 0: in F28A0D09E11DE14BD5EAE735D8A51BC48410040000000000000002200000020400010100F28A0D09E11DE14BD5EAE735D8A51BC40110040000000000000002400400003C0000000100000001
00000030010100010000002801010000800B0001000C00040001518080010007800E010080030001800200028004000E0A0001046658D172AB99266DBC252654A4BE43590374E21F371470589776181EF5
0BEA188B6C1060FB136FFCD34352160C021141A4C64B4E0D065D19BEDD56EF99CDB69115910F98B1216D9910EE9886BCAC47B46A0D0369FCC23B1A3D23EF7DC98AD8E099272F8F560B3DA676C9A3DEDC0C
390B20C631BF928BC2CAE4C8A9A18E2579E4EA76C59FDCF60B639DBE6DB7707D561809E0F2EE8FC0F448004B1FBF9ABD334D0F59270928C3AF7B1E6155232EA3AB1226BCE31F6C86444E29D8807538219A
32BF4BB31AC8D0567D77AF807B582DBECE8D1496905543D6456BB85F9F0188768D593E51BF113504482518A73D58577A5683C7A7D54B0B936D7FE28F0E22DC3C6905000014D2F76DBEABBD56997A627CFA
994B59080800000C02000000526F6F740D000018AB43B27421D140CB6C996F5F991BBCF19A2EE690140000144A131C81070358455C5728F20E95452F140000184B8A47591332356A79D475825A10618498
A0580F0D0000189B94C71424DF0C400387A04BA3B412B8657D79DD0D000014AFCAD71368A1F1C96B8696FC775701000D00001412F5F28C457168A9702D9FE2
ike V=root:0:VPN_Test_TSw1:348: received fragment len 516 id 1 index 1 last 0
ike V=root:0: comes 105.109.199.30:500->192.168.2.2:500,ifindex=5,vrf=0,len=104....
ike V=root:0: IKEv1 exchange=Aggressive id=f28a0d09e11de14b/d5eae735d8a51bc4 len=104 vrf=0
ike 0: in F28A0D09E11DE14BD5EAE735D8A51BC48410040000000000000000680000004C0001020174CC02040D0000148299031757A36082C6A621DE000000000D0000144048B7D56EBCE88525E7DE7F
00D6C2D3000000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike V=root:0:VPN_Test_TSw1:348: received fragment len 76 id 1 index 2 last 1
ike V=root:0:VPN_Test_TSw1:348: frag ID 256 total fragments expected 2
ike V=root:0:VPN_Test_TSw1:348: retransmission, re-send last message
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC408100401000000000000008CE840B1D5E9E961F05DFAC075F4B46BE47254720A844D2CC7EC0CFA327BD7B67C8193238BB9BD8
DB953525965879181282BCA5A7F18BC426F11FF6DA3502C05D0E20C30F35BC8B80ADA0480950E9F20B8966E9860AC2A176947C227381585651ABC4EAC041E02975833BCF5CB37BA2834
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (retransmit): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4
ike :shrank heap by 159744 bytes
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC408100601A7B1376B0000008C8EDDC8B0AEE4EAFC366AECD809ABD9100629EE4770278C255D141825C874C13EDF463E5897756
823B0729D122B3A0E278A064AA6BC173916EA82A63D98BD4608D195C94C5522AC31F992839E9A2F25785AD8B9A637BC992423363CE65DFF5FAD3872F34225FB5F64C51C73583C8874A4
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (CFG_RETRANS): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4:a7b1376b
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0: comes 105.109.199.30:500->192.168.2.2:500,ifindex=5,vrf=0,len=544....
ike V=root:0: IKEv1 exchange=Aggressive id=f28a0d09e11de14b/d5eae735d8a51bc4 len=544 vrf=0
ike 0: in F28A0D09E11DE14BD5EAE735D8A51BC48410040000000000000002200000020400020100F28A0D09E11DE14BD5EAE735D8A51BC40110040000000000000002400400003C0000000100000001
00000030010100010000002801010000800B0001000C00040001518080010007800E010080030001800200028004000E0A0001046658D172AB99266DBC252654A4BE43590374E21F371470589776181EF5
0BEA188B6C1060FB136FFCD34352160C021141A4C64B4E0D065D19BEDD56EF99CDB69115910F98B1216D9910EE9886BCAC47B46A0D0369FCC23B1A3D23EF7DC98AD8E099272F8F560B3DA676C9A3DEDC0C
390B20C631BF928BC2CAE4C8A9A18E2579E4EA76C59FDCF60B639DBE6DB7707D561809E0F2EE8FC0F448004B1FBF9ABD334D0F59270928C3AF7B1E6155232EA3AB1226BCE31F6C86444E29D8807538219A
32BF4BB31AC8D0567D77AF807B582DBECE8D1496905543D6456BB85F9F0188768D593E51BF113504482518A73D58577A5683C7A7D54B0B936D7FE28F0E22DC3C6905000014D2F76DBEABBD56997A627CFA
994B59080800000C02000000526F6F740D000018AB43B27421D140CB6C996F5F991BBCF19A2EE690140000144A131C81070358455C5728F20E95452F140000184B8A47591332356A79D475825A10618498
A0580F0D0000189B94C71424DF0C400387A04BA3B412B8657D79DD0D000014AFCAD71368A1F1C96B8696FC775701000D00001412F5F28C457168A9702D9FE2
ike V=root:0:VPN_Test_TSw1:348: received fragment len 516 id 2 index 1 last 0
ike V=root:0: comes 105.109.199.30:500->192.168.2.2:500,ifindex=5,vrf=0,len=104....
ike V=root:0: IKEv1 exchange=Aggressive id=f28a0d09e11de14b/d5eae735d8a51bc4 len=104 vrf=0
ike 0: in F28A0D09E11DE14BD5EAE735D8A51BC48410040000000000000000680000004C0002020174CC02040D0000148299031757A36082C6A621DE000000000D0000144048B7D56EBCE88525E7DE7F
00D6C2D3000000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike V=root:0:VPN_Test_TSw1:348: received fragment len 76 id 2 index 2 last 1
ike V=root:0:VPN_Test_TSw1:348: frag ID 512 total fragments expected 2
ike V=root:0:VPN_Test_TSw1:348: retransmission, re-send last message
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC408100401000000000000008CE840B1D5E9E961F05DFAC075F4B46BE47254720A844D2CC7EC0CFA327BD7B67C8193238BB9BD8
DB953525965879181282BCA5A7F18BC426F11FF6DA3502C05D0E20C30F35BC8B80ADA0480950E9F20B8966E9860AC2A176947C227381585651ABC4EAC041E02975833BCF5CB37BA2834
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (retransmit): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4
ike V=root:0:VPN_Test_TSw1: NAT keep-alive 5 192.168.2.2->105.109.199.30:4500.
ike 0:VPN_Test_TSw1:348: out FF
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (keepalive): 192.168.2.2:4500->105.109.199.30:4500, len=1, vrf=0, id=ff00000000000000/5101000000000000
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC408100601A7B1376B0000008C8EDDC8B0AEE4EAFC366AECD809ABD9100629EE4770278C255D141825C874C13EDF463E5897756
823B0729D122B3A0E278A064AA6BC173916EA82A63D98BD4608D195C94C5522AC31F992839E9A2F25785AD8B9A637BC992423363CE65DFF5FAD3872F34225FB5F64C51C73583C8874A4
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (CFG_RETRANS): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4:a7b1376b
ike :shrank heap by 135168 bytes
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1: NAT keep-alive 5 192.168.2.2->105.109.199.30:4500.
ike 0:VPN_Test_TSw1:348: out FF
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (keepalive): 192.168.2.2:4500->105.109.199.30:4500, len=1, vrf=0, id=ff00000000000000/4100000000000000
ike V=root:0: comes 105.109.199.30:500->192.168.2.2:500,ifindex=5,vrf=0,len=544....
ike V=root:0: IKEv1 exchange=Aggressive id=f28a0d09e11de14b/d5eae735d8a51bc4 len=544 vrf=0
ike 0: in F28A0D09E11DE14BD5EAE735D8A51BC48410040000000000000002200000020400030100F28A0D09E11DE14BD5EAE735D8A51BC40110040000000000000002400400003C0000000100000001
00000030010100010000002801010000800B0001000C00040001518080010007800E010080030001800200028004000E0A0001046658D172AB99266DBC252654A4BE43590374E21F371470589776181EF5
0BEA188B6C1060FB136FFCD34352160C021141A4C64B4E0D065D19BEDD56EF99CDB69115910F98B1216D9910EE9886BCAC47B46A0D0369FCC23B1A3D23EF7DC98AD8E099272F8F560B3DA676C9A3DEDC0C
390B20C631BF928BC2CAE4C8A9A18E2579E4EA76C59FDCF60B639DBE6DB7707D561809E0F2EE8FC0F448004B1FBF9ABD334D0F59270928C3AF7B1E6155232EA3AB1226BCE31F6C86444E29D8807538219A
32BF4BB31AC8D0567D77AF807B582DBECE8D1496905543D6456BB85F9F0188768D593E51BF113504482518A73D58577A5683C7A7D54B0B936D7FE28F0E22DC3C6905000014D2F76DBEABBD56997A627CFA
994B59080800000C02000000526F6F740D000018AB43B27421D140CB6C996F5F991BBCF19A2EE690140000144A131C81070358455C5728F20E95452F140000184B8A47591332356A79D475825A10618498
A0580F0D0000189B94C71424DF0C400387A04BA3B412B8657D79DD0D000014AFCAD71368A1F1C96B8696FC775701000D00001412F5F28C457168A9702D9FE2
ike V=root:0:VPN_Test_TSw1:348: received fragment len 516 id 3 index 1 last 0
ike V=root:0: comes 105.109.199.30:500->192.168.2.2:500,ifindex=5,vrf=0,len=104....
ike V=root:0: IKEv1 exchange=Aggressive id=f28a0d09e11de14b/d5eae735d8a51bc4 len=104 vrf=0
ike 0: in F28A0D09E11DE14BD5EAE735D8A51BC48410040000000000000000680000004C0003020174CC02040D0000148299031757A36082C6A621DE000000000D0000144048B7D56EBCE88525E7DE7F
00D6C2D3000000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike V=root:0:VPN_Test_TSw1:348: received fragment len 76 id 3 index 2 last 1
ike V=root:0:VPN_Test_TSw1:348: frag ID 768 total fragments expected 2
ike V=root:0:VPN_Test_TSw1:348: retransmission, re-send last message
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC408100401000000000000008CE840B1D5E9E961F05DFAC075F4B46BE47254720A844D2CC7EC0CFA327BD7B67C8193238BB9BD8
DB953525965879181282BCA5A7F18BC426F11FF6DA3502C05D0E20C30F35BC8B80ADA0480950E9F20B8966E9860AC2A176947C227381585651ABC4EAC041E02975833BCF5CB37BA2834
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (retransmit): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1: NAT keep-alive 5 192.168.2.2->105.109.199.30:4500.
ike 0:VPN_Test_TSw1:348: out FF
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (keepalive): 192.168.2.2:4500->105.109.199.30:4500, len=1, vrf=0, id=ff00000000000000/4100000000000000
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC408100601A7B1376B0000008C8EDDC8B0AEE4EAFC366AECD809ABD9100629EE4770278C255D141825C874C13EDF463E5897756
823B0729D122B3A0E278A064AA6BC173916EA82A63D98BD4608D195C94C5522AC31F992839E9A2F25785AD8B9A637BC992423363CE65DFF5FAD3872F34225FB5F64C51C73583C8874A4
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (CFG_RETRANS): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4:a7b1376b
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1: NAT keep-alive 5 192.168.2.2->105.109.199.30:4500.
ike 0:VPN_Test_TSw1:348: out FF
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (keepalive): 192.168.2.2:4500->105.109.199.30:4500, len=1, vrf=0, id=ff00000000000000/5101000000000000
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1: NAT keep-alive 5 192.168.2.2->105.109.199.30:4500.
ike 0:VPN_Test_TSw1:348: out FF
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (keepalive): 192.168.2.2:4500->105.109.199.30:4500, len=1, vrf=0, id=ff00000000000000/a100000000000000
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1: NAT keep-alive 5 192.168.2.2->105.109.199.30:4500.
ike 0:VPN_Test_TSw1:348: out FF
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (keepalive): 192.168.2.2:4500->105.109.199.30:4500, len=1, vrf=0, id=ff00000000000000/4100000000000000
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:4500
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: using existing connection
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1: request is on the queue
ike V=root:0:VPN_Test_TSw1:348::1056: cfg-mode negotiation failed due to retry timeout
ike V=root:0:VPN_Test_TSw1:348: schedule delete of IKE SA f28a0d09e11de14b/d5eae735d8a51bc4
ike V=root:0:VPN_Test_TSw1:348: scheduled delete of IKE SA f28a0d09e11de14b/d5eae735d8a51bc4
ike V=root:0:VPN_Test_TSw1:348: send IKE SA delete f28a0d09e11de14b/d5eae735d8a51bc4
ike 0:VPN_Test_TSw1:348: enc F28A0D09E11DE14BD5EAE735D8A51BC4081005016D56EA00000000500C000018E15FA6A6BAE56070DB4899BF84F19278AE1F2B450000001C0000000101100001F28A0
D09E11DE14BD5EAE735D8A51BC4
ike 0:VPN_Test_TSw1:348: out F28A0D09E11DE14BD5EAE735D8A51BC4081005016D56EA000000005C8CC3C9FCE135981B9E5E3C803B368D80E28DBF01D2DFCCFAECF3AB25EB2BBDA8736A242845B1D
8C3B411637D5915377ABBDCB2FC34C074C3E7C05EC0E59CACDC
ike V=root:0:VPN_Test_TSw1:348: sent IKE msg (ISAKMP SA DELETE-NOTIFY): 192.168.2.2:4500->105.109.199.30:4500, len=92, vrf=0, id=f28a0d09e11de14b/d5eae735d8a51bc4
:6d56ea00
ike V=root:0:VPN_Test_TSw1: connection expiring due to phase1 down
ike V=root:0:VPN_Test_TSw1: going to be deleted
ike V=root:0:VPN_Test_TSw1: reset NAT-T
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Borys_DE ,
You are getting peer has not completed Configuration Method error which means mode config is enabled on one peer but disabled on other.
please check the mode config settings ok both peers.
Nivedha Balasubramanian
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Nivedha,
but then why does the remote peer tunnel automatically recover after a reboot?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you do a diagnose vpn ike gateway list , when it works vs when it doesnt ? i would compare them later when you encounter the issue again.
the reboot doesnt really make sense why it solves the issue, but i think its related to the config of the ipsec.
did you follow https://docs.fortinet.com/document/fortigate/7.4.9/administration-guide/6896 ?
"jack of all trades, master of none"
"jack of all trades, master of none"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the log after reboot:
ike V=root:0:wan: IP 192.168.2.2 added
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:0
ike V=root:0: cache rebuild start
ike V=root:0:VPN_Test_TSw1: local:0.0.0.0, remote:105.109.199.30
ike V=root:0: cache rebuild done
ike V=root:0:VPN_Test_TSw1: could not locate phase1 configuration.
ike :change cfg 0 interface 1 router 0 certs 0 ha 0
ike :config update start
ike :ike_embryonic_conn_limit = 1000
ike :ikecrypt DH multi-process enabled
ike V=root:0: sync=no FGCP:disabled role:master, FGSP:disabled id:0 slave-add-routes:disabled
ike V=root:0:VPN_Test_TSw1: local-addr change 0.0.0.0 -> 192.168.2.2
ike V=root:0:VPN_Test_TSw1: oif 5, vrf 0
ike V=root:0: policy 90 action is DENY, ignoring
ike config clean start 4
ike V=root:0:VPN_Test_TSw1: schedule auto-negotiate
ike config clean done 4
ike :config update done
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:0
ike V=root:0: cache rebuild start
ike V=root:0:VPN_Test_TSw1: local:192.168.2.2, remote:105.109.199.30
ike V=root:0:VPN_Test_TSw1: cached as static-ddns.
ike V=root:0: cache rebuild done
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: config found
ike V=root:0:VPN_Test_TSw1:VPN_Test_TSw1: created connection: 0x975e900 5 192.168.2.2->105.109.199.30:500.
ike V=root:0:VPN_Test_TSw1: IPsec SA connect 5 192.168.2.2->105.109.199.30:500 negotiating
ike V=root:0:VPN_Test_TSw1: no suitable ISAKMP SA, queuing quick-mode request and initiating ISAKMP SA negotiation
ike V=root:0:VPN_Test_TSw1:0: initiator: aggressive mode is sending 1st message...
ike V=root:0:VPN_Test_TSw1:0: cookie 8bc90857813b7f2a/0000000000000000
ike V=root:0:VPN_Test_TSw1:0: generate DH public value request queued
ike 0:VPN_Test_TSw1:0: out 8BC90857813B7F2A00000000000000000110040000000000000001EE0400003C000000010000000100000030010100010000002801010000800B0001000C00040001518
080010007800E010080030001800200028004001E0A000084968A674E60A440DBA8D874CBC777E1D0E63C245BF21596E192973332556B18706C4576EF89480A9A043FB91CC0490B61DC58073FB4A98FC9A
9252742D93732A76DD34EEFA58AED16C196E7640F9A098E7BC69CB58813D80FD3F28010C62DE160A9B8732574DADA16A5557505D11CAB8CB806D1C8D28CE0E1D89BEEC01716775505000024C1E87AD0300
16DFFB394963C9897C339E2B8CA86409DE778F7566955FA79B6690D00000E0B0000005465737446470D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560
D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D0
00014AFCAD71368A1F1C96B8696FC775701000D00001412F5F28C457168A9702D9FE274CC02040D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000
000000000148299031757A36082C6A621DE00000000
ike V=root:0:VPN_Test_TSw1:0: sent IKE msg (agg_i1send): 192.168.2.2:500->105.109.199.30:500, len=494, vrf=0, id=8bc90857813b7f2a/0000000000000000
ike V=root:0: comes 105.109.199.30:500->192.168.2.2:500,ifindex=5,vrf=0,len=448....
ike V=root:0: IKEv1 exchange=Aggressive id=8bc90857813b7f2a/ce5899c731349806 len=448 vrf=0
ike 0: in 8BC90857813B7F2ACE5899C7313498060110040000000000000001C00400003C000000010000000100000030010100010000002801010000800B0001000C00040001518080010007800E0100
80030001800200028004001E0A0000842576177B2B51C5D5386492ADA3138307141B4F68375F93CC61D746B0D1A988E6B456D752387B476AA8478E2CFCCECA70F4317028E69C883D6546E9A76D0F544F46
F3814932FDCFEC9F05786C6E8428D91DC6F7E00E3847C94D1C3D98E9FA1115494615B56C1A91D4720A21E5B75309C9F32CD1975C66AA1152C068A073CEBC0C050000145757CA5BA69644E1A7F1219BF12A
4F5D0800000C02000000526F6F740D0000184041F4BDCBD4B4044C99B2F7EE26B6751EA5CF14140000144A131C81070358455C5728F20E95452F14000018E1B293E4424F98CB2EBD213680DE615F6A436E
9E0D000018A0338EAE66D799E4D08F4E8961D2333B8459F9770D000014AFCAD71368A1F1C96B8696FC775701000D00001412F5F28C457168A9702D9FE274CC02040D0000148299031757A36082C6A621DE
000000000D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike V=root:0:VPN_Test_TSw1:0: VID RFC 3947 4A131C81070358455C5728F20E95452F
ike V=root:0:VPN_Test_TSw1:0: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike V=root:0:VPN_Test_TSw1:0: DPD negotiated
ike V=root:0:VPN_Test_TSw1:0: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0204
ike V=root:0:VPN_Test_TSw1:0: peer supports UNITY
ike V=root:0:VPN_Test_TSw1:0: VID FORTIGATE 8299031757A36082C6A621DE00000000
ike V=root:0:VPN_Test_TSw1:0: peer is FortiGate/FortiOS (v0 b0)
ike V=root:0:VPN_Test_TSw1:0: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
ike V=root:0:VPN_Test_TSw1:0: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike V=root:0:VPN_Test_TSw1:0: received peer identifier FQDN 'Root'
ike V=root:0:VPN_Test_TSw1:0: negotiation result
ike V=root:0:VPN_Test_TSw1:0: proposal id = 1:
ike V=root:0:VPN_Test_TSw1:0: protocol id = ISAKMP:
ike V=root:0:VPN_Test_TSw1:0: trans_id = KEY_IKE.
ike V=root:0:VPN_Test_TSw1:0: encapsulation = IKE/none
ike V=root:0:VPN_Test_TSw1:0: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike V=root:0:VPN_Test_TSw1:0: type=OAKLEY_HASH_ALG, val=SHA.
ike V=root:0:VPN_Test_TSw1:0: type=AUTH_METHOD, val=PRESHARED_KEY.
ike V=root:0:VPN_Test_TSw1:0: type=OAKLEY_GROUP, val=ECP512BP.
ike V=root:0:VPN_Test_TSw1:0: ISAKMP SA lifetime=86400
ike V=root:0:VPN_Test_TSw1:0: received NAT-D payload type 20
ike V=root:0:VPN_Test_TSw1:0: received NAT-D payload type 20
ike V=root:0:VPN_Test_TSw1:0: selected NAT-T version: RFC 3947
ike V=root:0:VPN_Test_TSw1:0: NAT detected: ME
ike V=root:0:VPN_Test_TSw1:0: compute DH shared secret request queued
ike 0:VPN_Test_TSw1:0: ISAKMP SA 8bc90857813b7f2a/ce5899c731349806 key 32:AA2603AE489BC0D2BF5BD7E22F3581234EF79C80A2993C100BFDD81138776976
ike V=root:0:VPN_Test_TSw1:0: PSK authentication succeeded
ike V=root:0:VPN_Test_TSw1:0: authentication OK
ike V=root:0:VPN_Test_TSw1:0: NAT-T float port 4500
ike V=root:0:VPN_Test_TSw1:0: add INITIAL-CONTACT
ike 0:VPN_Test_TSw1:0: enc 8BC90857813B7F2ACE5899C73134980608100401000000000000008014000018CAE50386D98158AF5EF0B9E578132ADB28F4A5AC14000018A92B196A6BF5FF5FD942DD2
CAD8BCAC4984D00990B000018C339DFF56BD50E087FF8506A3C0A4D5BD6B074610000001C00000001011060028BC90857813B7F2ACE5899C731349806
ike 0:VPN_Test_TSw1:0: out 8BC90857813B7F2ACE5899C73134980608100401000000000000008C67E0F0303B6A8917710961A2B3AC46C1CD8D85A10D1D63BB0376BD5D0C6365708FAB0C01DDEC992
ABBE918748345A694D916FC734BFA91847249BA1796B32B5F0C96B5350C5C0D4CCA256736EAE1289F00227D668E446ECB267836E3483FF87A346B0D6581F19030AD63BE617D1C97B6
ike V=root:0:VPN_Test_TSw1:0: sent IKE msg (agg_i2send): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=8bc90857813b7f2a/ce5899c731349806
ike V=root:0:VPN_Test_TSw1:0: established IKE SA 8bc90857813b7f2a/ce5899c731349806
ike V=root:0:VPN_Test_TSw1:0: check peer route: if_addr4_rcvd=0, if_addr6_rcvd=0, mode_cfg=0
ike V=root:0:VPN_Test_TSw1:0: initiating mode-cfg pull from peer
ike V=root:0:VPN_Test_TSw1:0: mode-cfg request APPLICATION_VERSION
ike V=root:0:VPN_Test_TSw1:0: mode-cfg request INTERNAL_IP4_ADDRESS
ike V=root:0:VPN_Test_TSw1:0: mode-cfg request INTERNAL_IP4_NETMASK
ike V=root:0:VPN_Test_TSw1:0: mode-cfg request UNITY_SPLIT_INCLUDE
ike V=root:0:VPN_Test_TSw1:0: mode-cfg request UNITY_PFS
ike 0:VPN_Test_TSw1:0: enc 8BC90857813B7F2ACE5899C7313498060810060144C7D60F0000007C0E000018AB98CC090F7AF66594FC207D14C3F9511E48F2370000004801001FFC0007002C466F727
469476174652D3430462076372E342E382C6275696C64323739352C323530353233202847412E4D2900010000000200007004000070070000
ike 0:VPN_Test_TSw1:0: out 8BC90857813B7F2ACE5899C7313498060810060144C7D60F0000008CDEB0EAE0B9AE70286B0335AC9A5F4DA9178702B8B2EBCE5169A23506D01046A5AFB97B2B42FDED3
64C8713E6897B0C640CDF261D9C81840A2DA02948084E04B225277164AED7CC316A675FCD6B4E75642C3E9647D791FA48D3D4A1F97F8353CE7CE7BC28B6A9D9F34F978E40C534B8F9
ike V=root:0:VPN_Test_TSw1:0: sent IKE msg (cfg_send): 192.168.2.2:4500->105.109.199.30:4500, len=140, vrf=0, id=8bc90857813b7f2a/ce5899c731349806:44c7d60f
ike V=root:0: comes 105.109.199.30:4500->192.168.2.2:4500,ifindex=5,vrf=0,len=128....
ike V=root:0: IKEv1 exchange=Mode config id=8bc90857813b7f2a/ce5899c731349806:44c7d60f len=124 vrf=0
ike 0: in 8BC90857813B7F2ACE5899C7313498060810060144C7D60F0000007CD34D4B79C2DB69012E47DE9A53CF00E6D16076D35F105E7308A3626F74BEF8B560BD1DF21281EA90D3C692441AC95D83
3C5EE54E3A9D26C139A2229E9A2ABAB06F239D934CF974077EA9C89FE61C84EFB6D73B1E4CA6C49366266E566E3F9989
ike 0:VPN_Test_TSw1:0: dec 8BC90857813B7F2ACE5899C7313498060810060144C7D60F0000007C0E000018897677881833C4BE0E0BEFAA9BB0C6B4052429AC0000003D02001FFCF00700010007002
D466F727469476174652D323030462076372E342E382C6275696C64323739352C323530353233202847412E4D2916F94B539B829EFCD17A0A
ike V=root:0:VPN_Test_TSw1:0: mode-cfg received UNITY_PFS 1
ike V=root:0:VPN_Test_TSw1:0: mode-cfg received APPLICATION_VERSION 'FortiGate-200F v7.4.8,build2795,250523 (GA.M)'
ike V=root:0:VPN_Test_TSw1: set oper up
ike V=root:0:VPN_Test_TSw1: schedule auto-negotiate
ike V=root:0:VPN_Test_TSw1:0: initiating pending Quick-Mode negotiations
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: generate DH public value request queued
ike V=root:0:VPN_Test_TSw1:0: cookie 8bc90857813b7f2a/ce5899c731349806:334c2dd8
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: natt flags 0x1b, encmode 1->3
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: initiator selectors 0 0:0.0.0.0/0.0.0.0:0:0->0:0.0.0.0/0.0.0.0:0:0
ike 0:VPN_Test_TSw1:0: enc 8BC90857813B7F2ACE5899C73134980608102001334C2DD8000001A401000018175D972590FA6AEB58B2D264059F367CB00130310A00003800000001000000010000002
C0103040165AA3ABD00000020010C0000800100018002A8C08004000380060080800500028003000E04000014DD026B37D2759A505EEEDD6C6391DB720500010423495612361C5E0AEA87215CAED84216C
B86C4AA584039209731C024169F0F37339E4EBCBB71019AC694EED576461DE67519706CD3D4F8B9387BF508EDADD9845C5A9669BA5F46A5A845419D191BCBB0D08146ECA8E14F9F638D4C99CD2E08EBBE6
50B5962811543BD65CE9A74FE1F96D51E3018C1290639C7CF55229584573D0143C0AF31E13DDDCE41F03C5851B3F074A40498B55BBF3AFF69BBD8F4F453828F0957D49B692E254D96F3B4A6967837AD6AA
AF90A56B3780576664B7E5A55E2B594D057E458DB00760020B913F4DD3CF3845E920A1DC1B3B4059374090F1D53342B3FE8B02ACDAD4A856A73A61B465006DDDCC19052525882125AEC66B8DDD50500001
004000000000000000000000000000010040000000000000000000000
ike 0:VPN_Test_TSw1:0: out 8BC90857813B7F2ACE5899C73134980608102001334C2DD8000001AC541DBA39674186BF64191990721FCFAA3F9F87E400E9E4ADC0BA93C58446633E5983D99AA448C71
7FC5C27E2F64AE4C65694AA28652BE5D77DFAA66B13D6BD9704BF5C688B70A92DF827E810E082179AD409C88DDB648485419843735133C4D3345DF688B0C3BE3B45D99E74E5B8E5C715085A4A1128FEFD5
F37184C1912B0D6E2662EBF5E7DCA28393334B3437D07AE2034D0CE01185E506170A99D55F32297ACB0137CEC013EE0004BBE08C76328DABE679B0D65D5DECFDAAE23CB187517EB0E88D5AEB49B93BB628
4581F5CD04AADBE0371ADFB0F86EE8A30085F29130E15E717B9841DDBC4EBBAE06B29B3B904597CA2E237C4F74AD1F46FF883EECF334CA32AA27A55E609D68149F5E73B397B255D4A497103AADFB457455
3CC089DB63EE3D272744C1E9A13DA8DAA17D35513939B954C9CEAFFE026A42BDD8FAEC9039DF029AA1778BCAA876B31DADC72BD60AE546A92DF797F88DA0871104BB6F1CD83F60A56F3C35A572F3D715A2
928BD6D3625A5AB7777D97AE4BA4A4F8B2B44FC17551E4D2E7A8381EC661ED074F75972F5
ike V=root:0:VPN_Test_TSw1:0: sent IKE msg (quick_i1send): 192.168.2.2:4500->105.109.199.30:4500, len=428, vrf=0, id=8bc90857813b7f2a/ce5899c731349806:334c2dd8
ike V=root:0: comes 105.109.199.30:4500->192.168.2.2:4500,ifindex=5,vrf=0,len=432....
ike V=root:0: IKEv1 exchange=Quick id=8bc90857813b7f2a/ce5899c731349806:334c2dd8 len=428 vrf=0
ike 0: in 8BC90857813B7F2ACE5899C73134980608102001334C2DD8000001AC6A3E5109BD9354D0DFB156EE6D8372C5453975861EDC531D472E386F8BAAD3C7A1684887CF54A998F249CF4228CF9D55
2729837233AB7921C87E14829B6A5541B07A7E3B701BC8081FB21FE0DCB0833628BDFCEB7AE277478DBF39AB466F86A2ABAB452CB7D5A88766317C49F7E854B3BFB87635A97C57EAC0B4C5BE0B57821375
310345F09FF6F747D69251DC81166D2F0287B218D9A1B36E58E40F3773E3FCD4698C54BAC8C023E5F1B1A36A502C31408B924A2261CEA75EC0DA20BAE5B6EBD75364303A8A5E8AE0D8DE78650437206C55
6578F02C3EC44F5805637984357D4B0EE6854107C088B4331B2D745BD200F7BF52FDA4216CE286820EA0B89CA304812C099E1B4E146502C1EECA22D2114E4440E01FD15042625DF1309ADC2246EC375BF9
87623DB7352041A09128CDDE63E24B0F91EEABC50BE00D796513505AFEC682839ABD6247D124CCBAE4AAC97B1F0964DDB2F00C58F02672EA52E48AA0F277E8CE9D7EC9C89BAADDBD01DB6E41C585FD0C9D
819B13CD12EEAE52D2AF1B2267FBA3B2B65E88AD95A0D6040442875C
ike 0:VPN_Test_TSw1:0: dec 8BC90857813B7F2ACE5899C73134980608102001334C2DD8000001AC01000018F52007D1F7EC1446594FBE7E5B64CA69EEF201790A00003800000001000000010000002
C01030401C825E15200000020010C0000800100018002A8C08004000380060080800500028003000E04000014C5AD1ED097F90E72881FE323653CC701050001048D3CB0BF5F64A09D306D4AAC7D0B4AFEF
745CFFC0FBB55B244583C963D637C3057F395516524328D4B28F48E40A00A3E8D463C2EAAB39F662468A7FC8E7BCF2BE67C378230CC27E33D57B835EA779F29CDACABAB9B40491B130E2930D7299A7BFEC
E9F62BB7B41EADC55138B3B36E14CCE9EF710B9BF64DF4F929E30FD933D0960A709DE905B6D6B403C7C1B1E23409F6CB3117E9C1D1CFE59A7564369CF6C17324FC3147497CBB715F23D2ACD344DCAC41EB
B75A75192AF38D9F7BA0419CEDA02F8EC235D91AD6C904838F038FA395180B03FAA5869CF1F9E3EDC9482DC806D23D14D7E6EC97AAA95B4AE9EB9A819AF5C45FA60BA03931FEB09CA74DDEDB9D50500001
0040000000000000000000000000000100400000000000000000000008F7C21AE7BA54807
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: responder selectors 0:0.0.0.0/0.0.0.0:0->0:0.0.0.0/0.0.0.0:0
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: my proposal:
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: proposal id = 1:
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: protocol id = IPSEC_ESP:
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: PFS DH group = 14
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: trans_id = ESP_AES_CBC (key_len = 128)
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL_RFC3947
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: type = AUTH_ALG, val=SHA1
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: incoming proposal:
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: proposal id = 1:
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: protocol id = IPSEC_ESP:
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: PFS DH group = 14
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: trans_id = ESP_AES_CBC (key_len = 128)
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL_RFC3947
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: type = AUTH_ALG, val=SHA1
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: compute DH shared secret request queued
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: replay protection enabled
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: SA life soft seconds=42900.
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: SA life hard seconds=43200.
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: IPsec SA selectors #src=1 #dst=1
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: src 0 4 0:0.0.0.0/0.0.0.0:0
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: dst 0 4 0:0.0.0.0/0.0.0.0:0
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: add IPsec SA: SPIs=65aa3abd/c825e152
ike 0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: IPsec SA dec spi 65aa3abd key 16:8860FB014505142994F28914454E47AA auth 20:5C137B42B9D5EF441C9646E337C774AAFFEF5630
ike 0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: IPsec SA enc spi c825e152 key 16:1284DCBD075618A937E0881817C3A63D auth 20:8DA8F92BAF07B185D5035147FFC0728D081F1C8E
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: added IPsec SA: SPIs=65aa3abd/c825e152
ike V=root:0:VPN_Test_TSw1:0:VPN_Test_TSw1:0: sending SNMP tunnel UP trap
ike V=root:0:VPN_Test_TSw1: static tunnel up event 0.0.0.0 (dev=36)
ike V=root:0:VPN_Test_TSw1: static tunnel up event :: (dev=36)
ike 0:VPN_Test_TSw1:0: enc 8BC90857813B7F2ACE5899C73134980608102001334C2DD80000003400000018CCF3CAF5630316BF21CC589827FB7D980ABD91B7
ike 0:VPN_Test_TSw1:0: out 8BC90857813B7F2ACE5899C73134980608102001334C2DD80000003C30E189AC35FE62740274F8FD89F767500C8DD7DD67571111F870F66F78BF9F6F
ike V=root:0:VPN_Test_TSw1:0: sent IKE msg (quick_i2send): 192.168.2.2:4500->105.109.199.30:4500, len=60, vrf=0, id=8bc90857813b7f2a/ce5899c731349806:334c2dd8
ike :shrank heap by 86016 bytes
ike :change cfg 1 interface 0 router 0 certs 0 ha 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It sounds like an issue with the LTE modem. Double check the NAT idle timeout on the modem.
Regards,
Jerry
Jerry
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The IPsec channel crashes approximately once a day. It seems to me that if this were the reason, the connection would drop much more often. But I'll try to check this parameter.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Borys_DE ,
Please attach these logs to a TAC support ticket and we will review it.
Regards,
Nivedha
Nivedha Balasubramanian
Labels
-
FortiGate
10,718 -
FortiClient
2,188 -
FortiManager
900 -
5.2
687 -
FortiAnalyzer
685 -
5.4
638 -
FortiSwitch
593 -
FortiClient EMS
574 -
FortiAP
564 -
IPsec
430 -
6.0
416 -
SSL-VPN
388 -
FortiMail
375 -
5.6
362 -
FortiNAC
292 -
FortiWeb
254 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
201 -
FortiAuthenticator
182 -
FortiGuard
160 -
5.0
152 -
Firewall policy
146 -
FortiGate-VM
137 -
6.4
128 -
FortiCloud Products
118 -
FortiToken
114 -
FortiSIEM
113 -
FortiGateCloud
112 -
Wireless Controller
95 -
High Availability
89 -
Customer Service
88 -
FortiProxy
79 -
ZTNA
77 -
Routing
76 -
SAML
75 -
Fortivoice
73 -
DNS
73 -
VLAN
73 -
FortiEDR
71 -
Authentication
71 -
BGP
71 -
FortiADC
69 -
Certificate
68 -
RADIUS
63 -
LDAP
62 -
FortiLink
57 -
SSO
56 -
NAT
55 -
FortiSandbox
53 -
FortiExtender
52 -
VDOM
50 -
4.0MR3
49 -
Interface
48 -
Application control
48 -
FortiDNS
43 -
Virtual IP
42 -
Logging
41 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
FortiPAM
37 -
SSL SSH inspection
37 -
FortiConnect
35 -
Web profile
35 -
Automation
33 -
FortiWAN
31 -
FortiConverter
31 -
API
29 -
FortiGate v5.2
28 -
Fortigate Cloud
26 -
Traffic shaping
26 -
Static route
26 -
SNMP
25 -
SSID
25 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
System settings
22 -
WAN optimization
22 -
FortiMonitor
20 -
OSPF
20 -
Security profile
19 -
Web application firewall profile
19 -
Web rating
19 -
FortiSoar
18 -
IP address management - IPAM
18 -
FortiGate v5.0
16 -
FortiDDoS
16 -
Explicit proxy
16 -
FortiAP profile
16 -
Admin
15 -
IPS signature
15 -
Proxy policy
15 -
Intrusion prevention
15 -
FortiCASB
14 -
NAC policy
14 -
FortiManager v4.0
13 -
DNS filter
13 -
Users
13 -
FortiManager v5.0
12 -
FortiDeceptor
12 -
Traffic shaping policy
12 -
Fabric connector
12 -
Port policy
12 -
FortiBridge
11 -
FortiRecorder
11 -
Authentication rule and scheme
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
Trunk
10 -
Traffic shaping profile
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
Application signature
7 -
VoIP profile
7 -
Vulnerability Management
7 -
FortiScan
6 -
FortiNDR
6 -
FortiCarrier
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
DoS policy
5 -
Email filter profile
5 -
Protocol option
5 -
TACACS
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiAI
3 -
Kerberos
3 -
File filter
3 -
Multicast policy
3 -
FortiEdge Cloud
3 -
FortiInsight
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
Lacework
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2640 | |
| 1400 | |
| 810 | |
| 685 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.