I just found out this issue:
I set up a dial up IPSec. It is configured to do ike v2 and only accept one specific peer id.
I then downloaded and installed latest FortiClient VPN 7 (as I just need VPN for testing this).
I configured that IPSec in my FortiClient and tried to connect. This failed.
Looking in the ike debug log on my FGT I saw that on my connection attempt there was no peer id sent at all.
that the peer id is submitted by the FortiClient but the timing is wrong. Accoarding to th log the peer id was submitted way after it already negotiated proposals and matched a (wrong) gateway.
In consequence the request matched a wrong gateway and due to that then psk auth failed.
If I reconfigure that IPSec to do ike v1 instead with the rest set all the same as before and then again try to connect my FortiClient then it connects successfully. IKE Debug log on the FGT then shows that in the connection attempt the correct peer id had been submitted and it matched the correct gateway.
So I gues that is a nasty bug in FortiClient. You can configure it to a specific peer id even in ike v2 but it seems to never send that to the remote gateway. This is very very bad behaviour if you need to use more then one dial up ipsec....
I also opened a ticket with TAC on this...we'll see what they say.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Thanks a lot ( as usual) for your contribution and your help.
Could you please share what the TAC will say?
Thanks a lot in advance.
Regards,
actually what I wrote is not correct: Forticlient 7 does send a peer id in ikev2 but in fact the timing is wrong. It is sent but it is sent too late (I see it in log way after it already negotiated proposals and matched a tunnel).
If TAC says something helpful I will share it here.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thank you! you can edit your first message if you need or if you prefer I can delete it.
Regards,
I've edited the post now.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
You have taken the right step by opening a ticket with Fortinet's TAC (Technical Assistance Center). They will be able to provide further insights and assistance in resolving the issue. Their expertise in Fortinet products will help in identifying the root cause and providing a suitable solution or workaround.
in my case there is a (limited) workaround. Since we have a direct wan connection that terminates on the fgt itself and has a /29 subnet of wan ips available I can put up a 2nd ip address on that wan and make the ipsec just listen to that (set local gateway...) and since there is no other ipsec listening on this ip I then don't need a peer id.
However this is limited and only works with directly connected wans. It doesn't work if there is a router between fgt and internet.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Any update on this? I can't use ikev2 ipsec VPN and I think it could be the same issue.
How to reproduce from FortiOS 7.0.14 :
-create with the IPsec Wizard a Remote Access->Forticlient setup. Leaving everything at default (so ikev1) the connection from Forticlient works.
-go to IPSec Tunnels and edit the created tunnel. Make it a custom config. Change ike from v1 to v2. Change accordingly the Forticlient configuration. Now the connection doesn't work.
Here is the cli debug for the ikev2:
2024-02-12 15:46:31.169810 ike 0: IKEv2 exchange=SA_INIT id=f5b58f2efc4057d7/0000000000000000 len=436
2024-02-12 15:46:31.169838 ike 0: in F5B58F2EFC4057D700000000000000002120220800000000000001B42200005C0200002C010100040300000C0100000C800E00800300000802000005030000080300000C00000008040000050000002C020100040300000C0100000C800E01000300000802000005030000080300000C0000000804000005280000C8000500006E14A318B04F7C90F8A1FC65F3569EBA882BB3AE2F7E01BB5935709605A5B2D224391DC3296039B943C210550C269E819B1CD3F604AB4E56750CF3422F38660C58691758F94C39FC20B6E0F53162CAF41DACF35A2A9A518351FA6DAFB17F14402E561A3B439EE4042AB67B13765F23B7AE8CB64C0F618B7ED8CFC1D6D3EB17541457BA16ECCDF49BAF37BFE1E150514B6F8709B4B804D8C41F54219176D5DCAF1FA84D73DE5C778923A8E721F9B563EB59CA56E7F8865767E44292F5DA6070542B000014A480BE9BAAAF90C8EEB6F07CD73AD58F2B0000144C53427B6D465D1B337BB755A37A7FEF29000014B4F01CA951E9DA8D0BAFBBD34AD3044E2900001C000040047B449D05CC0DD00BF19EF7763272771A79DFBACE0000001C0000400552319E5E071278DAB6161AAF10DA99B969A82638
2024-02-12 15:46:31.169941 ike 0:f5b58f2efc4057d7/0000000000000000:35: responder received SA_INIT msg
2024-02-12 15:46:31.169976 ike 0:f5b58f2efc4057d7/0000000000000000:35: VID forticlient connect license 4C53427B6D465D1B337BB755A37A7FEF
2024-02-12 15:46:31.170010 ike 0:f5b58f2efc4057d7/0000000000000000:35: VID Fortinet Endpoint Control B4F01CA951E9DA8D0BAFBBD34AD3044E
2024-02-12 15:46:31.170043 ike 0:f5b58f2efc4057d7/0000000000000000:35: received notify type NAT_DETECTION_SOURCE_IP
2024-02-12 15:46:31.170076 ike 0:f5b58f2efc4057d7/0000000000000000:35: received notify type NAT_DETECTION_DESTINATION_IP
2024-02-12 15:46:31.170117 ike 0:f5b58f2efc4057d7/0000000000000000:35: incoming proposal:
2024-02-12 15:46:31.170148 ike 0:f5b58f2efc4057d7/0000000000000000:35: proposal id = 1:
2024-02-12 15:46:31.170169 ike 0:f5b58f2efc4057d7/0000000000000000:35: protocol = IKEv2:
2024-02-12 15:46:31.170189 ike 0:f5b58f2efc4057d7/0000000000000000:35: encapsulation = IKEv2/none
2024-02-12 15:46:31.170211 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=ENCR, val=AES_CBC (key_len = 128)
2024-02-12 15:46:31.170233 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-02-12 15:46:31.170254 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=PRF, val=PRF_HMAC_SHA2_256
2024-02-12 15:46:31.170276 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=DH_GROUP, val=MODP1536.
2024-02-12 15:46:31.170307 ike 0:f5b58f2efc4057d7/0000000000000000:35: proposal id = 2:
2024-02-12 15:46:31.170327 ike 0:f5b58f2efc4057d7/0000000000000000:35: protocol = IKEv2:
2024-02-12 15:46:31.170347 ike 0:f5b58f2efc4057d7/0000000000000000:35: encapsulation = IKEv2/none
2024-02-12 15:46:31.170368 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=ENCR, val=AES_CBC (key_len = 256)
2024-02-12 15:46:31.170390 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-02-12 15:46:31.170411 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=PRF, val=PRF_HMAC_SHA2_256
2024-02-12 15:46:31.170431 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=DH_GROUP, val=MODP1536.
2024-02-12 15:46:31.170453 ike 0: cache rebuild start
2024-02-12 15:46:31.170517 ike 0:XXX IPsec: cached as dynamic
2024-02-12 15:46:31.170545 ike 0:IPSEC TEST: cached as dynamic
2024-02-12 15:46:31.170565 ike 0: cache rebuild done
2024-02-12 15:46:31.170607 ike 0:f5b58f2efc4057d7/0000000000000000:35: matched proposal id 1
2024-02-12 15:46:31.170639 ike 0:f5b58f2efc4057d7/0000000000000000:35: proposal id = 1:
2024-02-12 15:46:31.170659 ike 0:f5b58f2efc4057d7/0000000000000000:35: protocol = IKEv2:
2024-02-12 15:46:31.170679 ike 0:f5b58f2efc4057d7/0000000000000000:35: encapsulation = IKEv2/none
2024-02-12 15:46:31.170700 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=ENCR, val=AES_CBC (key_len = 128)
2024-02-12 15:46:31.170721 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-02-12 15:46:31.170742 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=PRF, val=PRF_HMAC_SHA2_256
2024-02-12 15:46:31.170771 ike 0:f5b58f2efc4057d7/0000000000000000:35: type=DH_GROUP, val=MODP1536.
2024-02-12 15:46:31.170788 ike 0:f5b58f2efc4057d7/0000000000000000:35: lifetime=86400
2024-02-12 15:46:31.170815 ike 0:f5b58f2efc4057d7/0000000000000000:35: SA proposal chosen, matched gateway IPSEC TEST
2024-02-12 15:46:31.170872 ike 0:IPSEC TEST: created connection: 0x8854190 5 192.168.5.2->192.168.5.3:500.
2024-02-12 15:46:31.170915 ike 0:IPSEC TEST:35: processing notify type NAT_DETECTION_SOURCE_IP
2024-02-12 15:46:31.170979 ike 0:IPSEC TEST:35: processing NAT-D payload
2024-02-12 15:46:31.171005 ike 0:IPSEC TEST:35: NAT not detected
2024-02-12 15:46:31.171022 ike 0:IPSEC TEST:35: process NAT-D
2024-02-12 15:46:31.171038 ike 0:IPSEC TEST:35: processing notify type NAT_DETECTION_DESTINATION_IP
2024-02-12 15:46:31.171088 ike 0:IPSEC TEST:35: processing NAT-D payload
2024-02-12 15:46:31.171110 ike 0:IPSEC TEST:35: NAT not detected
2024-02-12 15:46:31.171126 ike 0:IPSEC TEST:35: process NAT-D
2024-02-12 15:46:31.171147 ike 0:IPSEC TEST:35: enable FortiClient endpoint compliance check, use 169.254.1.1
2024-02-12 15:46:31.171215 ike 0:IPSEC TEST:35: responder preparing SA_INIT msg
2024-02-12 15:46:31.171258 ike 0:IPSEC TEST:35: generate DH public value request queued
2024-02-12 15:46:31.171320 ike 0:IPSEC TEST:35: responder preparing SA_INIT msg
2024-02-12 15:46:31.171356 ike 0:IPSEC TEST:35: compute DH shared secret request queued
2024-02-12 15:46:31.172189 ike 0:IPSEC TEST:35: responder preparing SA_INIT msg
2024-02-12 15:46:31.172220 ike 0:IPSEC TEST:35: create NAT-D hash local 192.168.5.2/500 remote 192.168.5.3/500
2024-02-12 15:46:31.172257 ike 0:IPSEC TEST:35: out F5B58F2EFC4057D707CFD3FF2C75E6EA212022200000000000000160220000300000002C010100040300000C0100000C800E00800300000802000005030000080300000C0000000804000005280000C8000500001929C689D5DB38B79E9CD8036EA61CCD6C88B43DF1C74C1F164CC8800B8B429C9D116E34CD024253C0715AFE13A1E84B2DFAA77164331B89E50BE2D03BA87C63E6EBA4A99C221B5A9799B251B181784C753B84DEE037BA95613B91E3ACDBC9A45C6A4BA1407604EF8CB96F4703612CB3B5ABA34612015363BAC4CC7055788CD9614B5B54536CD832C70E6B650E3C4071B3CB770A8EA19C5C5A3525B9639EC267C38D296D9F5C5AB6EAD57B9C0C7B7E71DF05F8099F2D13DD3B751EFFB8EAFCAB29000014283678F6440A512C2DB8C789A6F6400F2900001C00004004EA7E69E0EA4F279A39DB82018C4F8D46A5055CC90000001C000040050AFFD433B32EDC25E7AA92977B23915EC03094BE
2024-02-12 15:46:31.172378 ike 0:IPSEC TEST:35: sent IKE msg (SA_INIT_RESPONSE): 192.168.5.2:500->192.168.5.3:500, len=352, vrf=0, id=f5b58f2efc4057d7/07cfd3ff2c75e6ea
2024-02-12 15:46:31.172488 ike 0:IPSEC TEST:35: IKE SA f5b58f2efc4057d7/07cfd3ff2c75e6ea SK_ei 16:4185AF780D79D984B4399EDA3D9A6D00
2024-02-12 15:46:31.172517 ike 0:IPSEC TEST:35: IKE SA f5b58f2efc4057d7/07cfd3ff2c75e6ea SK_er 16:787B450D38E22976E6CE345005E711AF
2024-02-12 15:46:31.172545 ike 0:IPSEC TEST:35: IKE SA f5b58f2efc4057d7/07cfd3ff2c75e6ea SK_ai 32:67839DCE88FAB15B3444D58E37735E1AF2FF5CB32D33E25A2CDEE7D3E13124E0
2024-02-12 15:46:31.172572 ike 0:IPSEC TEST:35: IKE SA f5b58f2efc4057d7/07cfd3ff2c75e6ea SK_ar 32:FB2948EDC7DD42AB95177B85C2BFE6E5877ADE5125A0F22CE46BE0BBB0002334
2024-02-12 15:46:31.181971 ike 0: comes 192.168.5.3:500->192.168.5.2:500,ifindex=5,vrf=0....
2024-02-12 15:46:31.182013 ike 0: IKEv2 exchange=AUTH id=f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001 len=560
2024-02-12 15:46:31.182037 ike 0: in F5B58F2EFC4057D707CFD3FF2C75E6EA2E202308000000010000023023000214970C7F3ADFDBB41E1328B557A682A3DA017C6E78675E181D54B7B74A5BFDB895B53998CB43B2E6EF51AFBB38A497D2FF7E43E40A0BA116D074D11FDCB5843EC323BC780D903EB6B0DFAB8AB4F9FB80634B2737A672C640B5D6731DFAB92CB9B3AFA8941929CB340E49E49C7D6D3B78BF50AF4BA4DE8D298669CFEEF3748BE1D86269B3B2B185624A826CF0EA15D7DC27233815E27AD5744C71F7B52BB8BFA10FCCEF01F0367B1EF93AE633691EC8F036E33003EBFA4230CA2EA04286A062A520DFA2A07B28F28421E7C1A2D88D7B3ADE96CAEA3935FF258C8516CD65274CE399CAA4EA3B70F7C00679D63F78A0AA2C838C7B3CA41B5AB50D643276E5B167645E68895B7AA0EE38696806AD2A7276E39E0400B1C0649CB9A09B6879853D2DC12EA6C08C8436BD714B3FB7ABF9751EDC03F87027565E9636EFC69E218AFAD55ADCFDD45AC666AA373891A36EF4C3BA1A63B3B8DABB94E5A0E0E621D15269B515ADC94AE7842BDABE45C0E2317ECC4A4B961C90629226CDD5D773A98DE269657F676035E0549F36C78C2B685CB731BF51879CD91AE644A3DB61372C4EE3393E0C229959EC5FE4FCC47D87AD14DB3F157FF9A48306D8586DF33626A5EF3B58E6A977E0477782A5DE46264611CAFC64FD896671DBF82FD01A78015ED9AFA3375B663DB8EAEF34773B58E7939CDBA25F8A06A8F0D4573A1BA19F6670610DA74539C0C5FC2444CB8A2325816C259C5EE054E6D8
2024-02-12 15:46:31.182141 ike 0:IPSEC TEST:35: dec F5B58F2EFC4057D707CFD3FF2C75E6EA2E202308000000010000020E230000042900000C01000000C0A8050329000008000040002F0001120000F1005645523D310A4643545645523D372E322E332E303932390A5549443D31393939303632433442353734354232394630463933443245343636394533430A49503D3139322E3136382E352E330A4D41433D62342D62352D32662D37642D62642D30313B36382D39342D32332D61352D66662D31373B36382D39342D32332D61352D66662D31313B36382D39342D32332D61352D66662D31323B0A484F53543D445750433031330A555345523D70726F766169707365630A4F535645523D4D6963726F736F66742057696E646F77732031302050726F66657373696F6E616C2045646974696F6E2C2036342D62697420286275696C64203139303435290A5245475F5354415455533D300A002100004401000000000700104643543830303432373531303737303500010000000200000003000000040000000D000070010000540A0000540B000070000000001900002C00005402000028010304032752BB590300000C0100000C800E00800300000803000002000000080500000000000028020304032752BB590300000C0100000C800E0100030000080300000200000008050000002D00001801000000070000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF
2024-02-12 15:46:31.182210 ike 0:IPSEC TEST:35: responder received AUTH msg
2024-02-12 15:46:31.182230 ike 0:IPSEC TEST:35: processing notify type INITIAL_CONTACT
2024-02-12 15:46:31.182283 ike 0:IPSEC TEST:35: processing notify type 61696
2024-02-12 15:46:31.182332 ike 0:IPSEC TEST:35: received FCT data len = 266, data = 'VER=1
FCTVER=7.2.3.0929
UID=1999062C4B5745B29F0F93D2E4669E3C
IP=192.168.5.3
MAC=b4-xxx;68-yyy;
HOST=PC013
USER=ipsecuser
OSVER=Microsoft Windows 10 Professional Edition, 64-bit (build 19045)
REG_STATUS=0
'
2024-02-12 15:46:31.182393 ike 0:IPSEC TEST:35: FCT-UID = 1999062C4B5745B29F0F93D2E4669E3C
2024-02-12 15:46:31.182415 ike 0:IPSEC TEST:35: peer identifier IPV4_ADDR 192.168.5.3
2024-02-12 15:46:31.182435 ike 0:IPSEC TEST:35: re-validate gw ID
2024-02-12 15:46:31.182458 ike 0:IPSEC TEST:35: gw validation failed
2024-02-12 15:46:31.182485 ike 0:IPSEC TEST:35: schedule delete of IKE SA f5b58f2efc4057d7/07cfd3ff2c75e6ea
2024-02-12 15:46:31.182516 ike 0:IPSEC TEST:35: scheduled delete of IKE SA f5b58f2efc4057d7/07cfd3ff2c75e6ea
2024-02-12 15:46:31.182601 ike 0:IPSEC TEST: connection expiring due to phase1 down
2024-02-12 15:46:31.182621 ike 0:IPSEC TEST: deleting
2024-02-12 15:46:31.182642 ike 0:IPSEC TEST: deleted
2024-02-12 15:46:34.696333 ike 0: comes 192.168.5.3:500->192.168.5.2:500,ifindex=5,vrf=0....
2024-02-12 15:46:34.696391 ike 0: IKEv2 exchange=AUTH id=f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001 len=560
2024-02-12 15:46:34.696428 ike 0: in F5B58F2EFC4057D707CFD3FF2C75E6EA2E202308000000010000023023000214970C7F3ADFDBB41E1328B557A682A3DA017C6E78675E181D54B7B74A5BFDB895B53998CB43B2E6EF51AFBB38A497D2FF7E43E40A0BA116D074D11FDCB5843EC323BC780D903EB6B0DFAB8AB4F9FB80634B2737A672C640B5D6731DFAB92CB9B3AFA8941929CB340E49E49C7D6D3B78BF50AF4BA4DE8D298669CFEEF3748BE1D86269B3B2B185624A826CF0EA15D7DC27233815E27AD5744C71F7B52BB8BFA10FCCEF01F0367B1EF93AE633691EC8F036E33003EBFA4230CA2EA04286A062A520DFA2A07B28F28421E7C1A2D88D7B3ADE96CAEA3935FF258C8516CD65274CE399CAA4EA3B70F7C00679D63F78A0AA2C838C7B3CA41B5AB50D643276E5B167645E68895B7AA0EE38696806AD2A7276E39E0400B1C0649CB9A09B6879853D2DC12EA6C08C8436BD714B3FB7ABF9751EDC03F87027565E9636EFC69E218AFAD55ADCFDD45AC666AA373891A36EF4C3BA1A63B3B8DABB94E5A0E0E621D15269B515ADC94AE7842BDABE45C0E2317ECC4A4B961C90629226CDD5D773A98DE269657F676035E0549F36C78C2B685CB731BF51879CD91AE644A3DB61372C4EE3393E0C229959EC5FE4FCC47D87AD14DB3F157FF9A48306D8586DF33626A5EF3B58E6A977E0477782A5DE46264611CAFC64FD896671DBF82FD01A78015ED9AFA3375B663DB8EAEF34773B58E7939CDBA25F8A06A8F0D4573A1BA19F6670610DA74539C0C5FC2444CB8A2325816C259C5EE054E6D8
2024-02-12 15:46:34.696510 ike 0: invalid IKE request SPI f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001
2024-02-12 15:46:37.711815 ike 0: comes 192.168.5.3:500->192.168.5.2:500,ifindex=5,vrf=0....
2024-02-12 15:46:37.711871 ike 0: IKEv2 exchange=AUTH id=f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001 len=560
2024-02-12 15:46:37.711914 ike 0: in F5B58F2EFC4057D707CFD3FF2C75E6EA2E202308000000010000023023000214970C7F3ADFDBB41E1328B557A682A3DA017C6E78675E181D54B7B74A5BFDB895B53998CB43B2E6EF51AFBB38A497D2FF7E43E40A0BA116D074D11FDCB5843EC323BC780D903EB6B0DFAB8AB4F9FB80634B2737A672C640B5D6731DFAB92CB9B3AFA8941929CB340E49E49C7D6D3B78BF50AF4BA4DE8D298669CFEEF3748BE1D86269B3B2B185624A826CF0EA15D7DC27233815E27AD5744C71F7B52BB8BFA10FCCEF01F0367B1EF93AE633691EC8F036E33003EBFA4230CA2EA04286A062A520DFA2A07B28F28421E7C1A2D88D7B3ADE96CAEA3935FF258C8516CD65274CE399CAA4EA3B70F7C00679D63F78A0AA2C838C7B3CA41B5AB50D643276E5B167645E68895B7AA0EE38696806AD2A7276E39E0400B1C0649CB9A09B6879853D2DC12EA6C08C8436BD714B3FB7ABF9751EDC03F87027565E9636EFC69E218AFAD55ADCFDD45AC666AA373891A36EF4C3BA1A63B3B8DABB94E5A0E0E621D15269B515ADC94AE7842BDABE45C0E2317ECC4A4B961C90629226CDD5D773A98DE269657F676035E0549F36C78C2B685CB731BF51879CD91AE644A3DB61372C4EE3393E0C229959EC5FE4FCC47D87AD14DB3F157FF9A48306D8586DF33626A5EF3B58E6A977E0477782A5DE46264611CAFC64FD896671DBF82FD01A78015ED9AFA3375B663DB8EAEF34773B58E7939CDBA25F8A06A8F0D4573A1BA19F6670610DA74539C0C5FC2444CB8A2325816C259C5EE054E6D8
2024-02-12 15:46:37.711996 ike 0: invalid IKE request SPI f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001
2024-02-12 15:46:40.743012 ike 0: comes 192.168.5.3:500->192.168.5.2:500,ifindex=5,vrf=0....
2024-02-12 15:46:40.743070 ike 0: IKEv2 exchange=AUTH id=f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001 len=560
2024-02-12 15:46:40.743104 ike 0: in F5B58F2EFC4057D707CFD3FF2C75E6EA2E202308000000010000023023000214970C7F3ADFDBB41E1328B557A682A3DA017C6E78675E181D54B7B74A5BFDB895B53998CB43B2E6EF51AFBB38A497D2FF7E43E40A0BA116D074D11FDCB5843EC323BC780D903EB6B0DFAB8AB4F9FB80634B2737A672C640B5D6731DFAB92CB9B3AFA8941929CB340E49E49C7D6D3B78BF50AF4BA4DE8D298669CFEEF3748BE1D86269B3B2B185624A826CF0EA15D7DC27233815E27AD5744C71F7B52BB8BFA10FCCEF01F0367B1EF93AE633691EC8F036E33003EBFA4230CA2EA04286A062A520DFA2A07B28F28421E7C1A2D88D7B3ADE96CAEA3935FF258C8516CD65274CE399CAA4EA3B70F7C00679D63F78A0AA2C838C7B3CA41B5AB50D643276E5B167645E68895B7AA0EE38696806AD2A7276E39E0400B1C0649CB9A09B6879853D2DC12EA6C08C8436BD714B3FB7ABF9751EDC03F87027565E9636EFC69E218AFAD55ADCFDD45AC666AA373891A36EF4C3BA1A63B3B8DABB94E5A0E0E621D15269B515ADC94AE7842BDABE45C0E2317ECC4A4B961C90629226CDD5D773A98DE269657F676035E0549F36C78C2B685CB731BF51879CD91AE644A3DB61372C4EE3393E0C229959EC5FE4FCC47D87AD14DB3F157FF9A48306D8586DF33626A5EF3B58E6A977E0477782A5DE46264611CAFC64FD896671DBF82FD01A78015ED9AFA3375B663DB8EAEF34773B58E7939CDBA25F8A06A8F0D4573A1BA19F6670610DA74539C0C5FC2444CB8A2325816C259C5EE054E6D8
2024-02-12 15:46:40.743185 ike 0: invalid IKE request SPI f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001
2024-02-12 15:46:43.758611 ike 0: comes 192.168.5.3:500->192.168.5.2:500,ifindex=5,vrf=0....
2024-02-12 15:46:43.758676 ike 0: IKEv2 exchange=AUTH id=f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001 len=560
2024-02-12 15:46:43.758713 ike 0: in F5B58F2EFC4057D707CFD3FF2C75E6EA2E202308000000010000023023000214970C7F3ADFDBB41E1328B557A682A3DA017C6E78675E181D54B7B74A5BFDB895B53998CB43B2E6EF51AFBB38A497D2FF7E43E40A0BA116D074D11FDCB5843EC323BC780D903EB6B0DFAB8AB4F9FB80634B2737A672C640B5D6731DFAB92CB9B3AFA8941929CB340E49E49C7D6D3B78BF50AF4BA4DE8D298669CFEEF3748BE1D86269B3B2B185624A826CF0EA15D7DC27233815E27AD5744C71F7B52BB8BFA10FCCEF01F0367B1EF93AE633691EC8F036E33003EBFA4230CA2EA04286A062A520DFA2A07B28F28421E7C1A2D88D7B3ADE96CAEA3935FF258C8516CD65274CE399CAA4EA3B70F7C00679D63F78A0AA2C838C7B3CA41B5AB50D643276E5B167645E68895B7AA0EE38696806AD2A7276E39E0400B1C0649CB9A09B6879853D2DC12EA6C08C8436BD714B3FB7ABF9751EDC03F87027565E9636EFC69E218AFAD55ADCFDD45AC666AA373891A36EF4C3BA1A63B3B8DABB94E5A0E0E621D15269B515ADC94AE7842BDABE45C0E2317ECC4A4B961C90629226CDD5D773A98DE269657F676035E0549F36C78C2B685CB731BF51879CD91AE644A3DB61372C4EE3393E0C229959EC5FE4FCC47D87AD14DB3F157FF9A48306D8586DF33626A5EF3B58E6A977E0477782A5DE46264611CAFC64FD896671DBF82FD01A78015ED9AFA3375B663DB8EAEF34773B58E7939CDBA25F8A06A8F0D4573A1BA19F6670610DA74539C0C5FC2444CB8A2325816C259C5EE054E6D8
2024-02-12 15:46:43.758815 ike 0: invalid IKE request SPI f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001
2024-02-12 15:46:46.774103 ike 0: comes 192.168.5.3:500->192.168.5.2:500,ifindex=5,vrf=0....
2024-02-12 15:46:46.774158 ike 0: IKEv2 exchange=AUTH id=f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001 len=560
2024-02-12 15:46:46.774183 ike 0: in F5B58F2EFC4057D707CFD3FF2C75E6EA2E202308000000010000023023000214970C7F3ADFDBB41E1328B557A682A3DA017C6E78675E181D54B7B74A5BFDB895B53998CB43B2E6EF51AFBB38A497D2FF7E43E40A0BA116D074D11FDCB5843EC323BC780D903EB6B0DFAB8AB4F9FB80634B2737A672C640B5D6731DFAB92CB9B3AFA8941929CB340E49E49C7D6D3B78BF50AF4BA4DE8D298669CFEEF3748BE1D86269B3B2B185624A826CF0EA15D7DC27233815E27AD5744C71F7B52BB8BFA10FCCEF01F0367B1EF93AE633691EC8F036E33003EBFA4230CA2EA04286A062A520DFA2A07B28F28421E7C1A2D88D7B3ADE96CAEA3935FF258C8516CD65274CE399CAA4EA3B70F7C00679D63F78A0AA2C838C7B3CA41B5AB50D643276E5B167645E68895B7AA0EE38696806AD2A7276E39E0400B1C0649CB9A09B6879853D2DC12EA6C08C8436BD714B3FB7ABF9751EDC03F87027565E9636EFC69E218AFAD55ADCFDD45AC666AA373891A36EF4C3BA1A63B3B8DABB94E5A0E0E621D15269B515ADC94AE7842BDABE45C0E2317ECC4A4B961C90629226CDD5D773A98DE269657F676035E0549F36C78C2B685CB731BF51879CD91AE644A3DB61372C4EE3393E0C229959EC5FE4FCC47D87AD14DB3F157FF9A48306D8586DF33626A5EF3B58E6A977E0477782A5DE46264611CAFC64FD896671DBF82FD01A78015ED9AFA3375B663DB8EAEF34773B58E7939CDBA25F8A06A8F0D4573A1BA19F6670610DA74539C0C5FC2444CB8A2325816C259C5EE054E6D8
2024-02-12 15:46:46.774266 ike 0: invalid IKE request SPI f5b58f2efc4057d7/07cfd3ff2c75e6ea:00000001
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.