FortiAymen
New Contributor

FortiGate and Sophos IPSec VPN configuration

Hello,

I have created an IPSec VPN tunnel between a FortiGate 100E and a Sophos UTM9.

The tunnel does not work.

This is the result of the commands:

diagnose debug application ike -1

diagnose debug enable

---------------------------------------

ike 0: IKEv1 exchange=Identity Protection id=2df818125e167fdd/0000000000000000 len=256
ike 0: in 2DF818125E167FDD00000000000000000110020000000000000001000D00003800000001000000010000002C000100010000002400010000800B0001800C1E788001000780020001800E010080030001800400050D000014882FE56D6FD20DBC2251613B2EBE5BEB0D00001412F5F28C457168A9702D9FE274CC01000D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F000000144485152D18B6BBCD0BE8A8469579DDCC
ike 0:2df818125e167fdd/0000000000000000:4132: responder: main mode get 1st message...
ike 0:2df818125e167fdd/0000000000000000:4132: VID unknown (16):
ike 0:2df818125e167fdd/0000000000000000:4132: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0100
ike 0:2df818125e167fdd/0000000000000000:4132: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712
ike 0:2df818125e167fdd/0000000000000000:4132: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:2df818125e167fdd/0000000000000000:4132: VID RFC 3947 4A131C81070358455C5728F20E95452F
ike 0:2df818125e167fdd/0000000000000000:4132: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
ike 0:2df818125e167fdd/0000000000000000:4132: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
ike 0:2df818125e167fdd/0000000000000000:4132: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
ike 0:2df818125e167fdd/0000000000000000:4132: VID draft-ietf-ipsec-nat-t-ike-00 4485152D18B6BBCD0BE8A8469579DDCC
ike 0:VPN_CVA_CVB: ignoring IKE request, no policy configured
ike 0:2df818125e167fdd/0000000000000000:4132: negotiation failure
ike Negotiate ISAKMP SA Error: ike 0:2df818125e167fdd/0000000000000000:4132: no SA proposal chosen
ike shrank heap by 126976 bytes

 

 

Thank you in advance.

1 REPLY
oheigl
Contributor II

You need to create a policy where the VPN interface is mentioned either as source or as destination interface:

ike 0:VPN_CVA_CVB: ignoring IKE request, no policy configured

Otherwise the FortiGate doesn't establish a tunnel, because with no policy for it - there is no reason to establish one.
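A triage script for this kind of debug output, as an added example that is not part of the original thread: it groups messages by negotiation and reports the "no policy configured" line as the cause, rather than the "no SA proposal chosen" error that ends the log. The function name, the finding labels and the rule of attributing the policy line to the most recent negotiation are assumptions of this example; the sample lines are taken from the question's output.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the debug output in the question.
SAMPLE = """\
ike 0:2df818125e167fdd/0000000000000000:4132: responder: main mode get 1st message...
ike 0:2df818125e167fdd/0000000000000000:4132: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:VPN_CVA_CVB: ignoring IKE request, no policy configured
ike 0:2df818125e167fdd/0000000000000000:4132: negotiation failure
ike Negotiate ISAKMP SA Error: ike 0:2df818125e167fdd/0000000000000000:4132: no SA proposal chosen
"""

# "ike <vdom>:<initiator cookie>/<responder cookie>:<serial>: <message>"
SA_LINE = re.compile(r"ike \d+:[0-9a-f]{16}/[0-9a-f]{16}:(\d+): (.*)$")
# "ike <vdom>:<phase1 name>: ignoring IKE request, no policy configured"
NO_POLICY = re.compile(r"ike \d+:([^:/\s]+): ignoring IKE request, no policy configured")

def triage(log):
    """Return (serial, cause, phase1_name) for each failed negotiation."""
    msgs = defaultdict(list)   # negotiation serial -> messages in order
    no_policy = {}             # negotiation serial -> phase1 name lacking a policy
    last = None
    for line in log.splitlines():
        m = NO_POLICY.match(line.strip())
        if m and last is not None:
            # The policy line carries no serial; assume it belongs to the
            # negotiation logged immediately before it.
            no_policy[last] = m.group(1)
            continue
        m = SA_LINE.search(line)
        if m:
            last = m.group(1)
            msgs[last].append(m.group(2))
    findings = []
    for serial, lines in msgs.items():
        if serial in no_policy:
            # Cause named in the reply: no firewall policy uses the VPN interface.
            findings.append((serial, "no-policy", no_policy[serial]))
        elif "no SA proposal chosen" in lines:
            # No policy message seen: compare the proposals on both peers.
            findings.append((serial, "check-proposals", None))
    return findings

if __name__ == "__main__":
    for serial, cause, name in triage(SAMPLE):
        print(f"negotiation {serial}: {cause}" + (f" ({name})" if name else ""))
```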
