Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New_Member
New Contributor

Created on ‎02-21-2016 07:44 PM

Draytek Vigor & Fortigate - VPN IPSec site to site

Dear all,

 

I'm stuck config VPN site to site between fortigate 300c and Draytek 2950.

In Draytek:

Dial out IPSec Tunnel IKE phase 1 : 3DES_MD5_G5 IKE phase 2:  3DES_MD5 Main ID protection

in Fortigate:

Phase 1:  Main ID Protection 3DES_MD5 DH Group 2,5 Keylife 28800 Phase 2: 3DES_MD5 DH Group 5 Keylife 3600

adready setup policy accept IPSEC

I can not bring this tunnel up.

Please help!

Thanks

 

 

 

17819
0 Kudos
9 REPLIES 9
ede_pfau
SuperUser
SuperUser

Created on ‎02-22-2016 03:42 AM

ike 0:vpn:61: remote address 115.78.161.0 does not match configuration address 115.78.166.114, drop
You should check that first.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
6145
0 Kudos
New_Member
New Contributor
In response to ede_pfau

Created on ‎02-22-2016 06:59 AM

Dear Ede

i also check again config on the both devices .

No problem for the configuration.

any advice on this!

Many thanks!!!

6145
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to New_Member

Created on ‎02-22-2016 07:14 AM

Come on, you've got to provide more info than this! Do you really expect to come anything out of this with only breadcrumbs? Jeez.

 

Who is 115.78.116.0, who is 115.78.166.114, what are the 2 public IP addresses exactly (one DT, one FGT)? Screen shots of the DT config page? Config of the FGT (as text), phase1 will do for now.

 

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
6145
0 Kudos
emnoc
Esteemed Contributor III
In response to ede_pfau

Created on ‎02-22-2016 09:42 AM

We have some one here at our office doing the same  Vigor to  FGT. They have a document of how it should be configured which is simple.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
6145
0 Kudos
New_Member
New Contributor
In response to emnoc

Created on ‎02-22-2016 06:33 PM

Dear Emmoc

 

Could you share that document for my reference!

Many thanks

6145
0 Kudos
emnoc
Esteemed Contributor III
In response to New_Member

Created on ‎02-22-2016 06:42 PM

try this

 

http://www.draytek.com/index.php?option=com_k2&view=item&id=2028&Itemid=293&lang=en

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
6145
0 Kudos
New_Member
New Contributor
In response to emnoc

Created on ‎02-22-2016 07:17 PM

Dear Emmoc,

 

Thanks for your help!

I already refered this document before and followed step by step.

But still can not bring tunnel up with Error "remote address x.x.x.x does not match configuration address A.B.C.D, drop

Thanks

6145
0 Kudos
emnoc
Esteemed Contributor III
In response to New_Member

Created on ‎02-22-2016 10:42 PM

Do you have phase1 & 2 proposal matching?

 

Do you have have local/remote  subnets ( src/dst for our fortigate ) matching? I will probably get stuck with this tomorrow with our UK office and will post a outcome of what I do.

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
6145
0 Kudos
New_Member
New Contributor
In response to emnoc

Created on ‎02-22-2016 11:18 PM

Dear Emnoc,

 

Thanks for your effort support!

I just find out the problem!A VIP is configured on either of the firewall for this external IP.

Just remove the VIP ,It's Ok now.

Regards

Vinh

6145
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.