renjithmusafir
New Contributor

Forticlient - Unable to establish vpn - IPSEC

Hello,

 

Okay, I am burning my head on this for the past few days

I have created an IPsec FortiClient VPN on a FortiGate 70D and am not able to connect. The error on the Windows PC goes like this:

VPN Connection Failed. Please check your configuration, network conenction and pre-shared key, then retry your connection......

Forticlient log goes like this 

3/24/2015 11:37:18 AM Notice VPN id=96566 msg="negotiation information, loc_ip=xxx.xxx.xxx.xxx loc_port=500 rem_ip=xx.xx.xx.xx rem_port=500 out_if=0 vpn_tunnel=New nav action=negotiate init=local mode=aggressive stage=1 dir=outbound status=success Initiator: sent xx.xx.xx.xx aggressive mode message #1 (OK)" vpntunnel="New nav" vpntype=ipsec

3/24/2015 11:37:18 AM Error VPN id=96567 msg="negotiation error, loc_ip=xxx.xxx.xxx.xxx loc_port=4500 rem_ip=xx.xx.xx.xx rem_port=4500 out_if=0 vpn_tunnel=New nav status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed xx.xx.xx.xx aggressive mode message #1 " vpntunnel="New nav" vpntype=ipsec

 

3/24/2015 11:37:30 AM Warning VPN id=96561 msg="locip=xxx.xxx.xxx.xxx locport=4500 remip=xx.xx.xx.xx remport=4500 outif=0 vpntunnel=New nav status=negotiate_error No response from the peer, phase1 retransmit reaches maximum count..." vpntunnel="New nav" vpntype=ipsec

In Mac it goes like this, 

Preshared key is incorrect 

I know the preshared key is correct. This connection was working until 2 weeks back. Don't know what went wrong.

The fortigate log says " Action : negotiate   Status: failureprogress Message: IPsec phase 1

 

 Any help would be much appreciated. 
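
Added example, not part of the original post: a small Python parser for the FortiClient log layout quoted above, which splits the `key=value` fields inside `msg="..."` (including values with spaces such as `vpn_tunnel=New nav`) and finds the first event whose status is not `success`. The function names are hypothetical and the sample lines are constructed, with documentation-range addresses in place of the masked ones.

```python
import re

# Constructed sample lines in the layout of the FortiClient log quoted above;
# addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE_LOG = [
    '3/24/2015 11:37:18 AM Notice VPN id=96566 msg="negotiation information, '
    'loc_ip=192.0.2.10 loc_port=500 rem_ip=198.51.100.1 rem_port=500 out_if=0 '
    'vpn_tunnel=New nav action=negotiate init=local mode=aggressive stage=1 '
    'dir=outbound status=success Initiator: sent 198.51.100.1 aggressive mode '
    'message #1 (OK)" vpntunnel="New nav" vpntype=ipsec',
    '3/24/2015 11:37:18 AM Error VPN id=96567 msg="negotiation error, '
    'loc_ip=192.0.2.10 loc_port=4500 rem_ip=198.51.100.1 rem_port=4500 out_if=0 '
    'vpn_tunnel=New nav status=negotiate_error init=local mode=xauth_clinet '
    'stage=1 dir=inbound status=failureInitiator: parsed 198.51.100.1 '
    'aggressive mode message #1 " vpntunnel="New nav" vpntype=ipsec',
    '3/24/2015 11:37:30 AM Warning VPN id=96561 msg="locip=192.0.2.10 '
    'locport=4500 remip=198.51.100.1 remport=4500 outif=0 vpntunnel=New nav '
    'status=negotiate_error No response from the peer, phase1 retransmit '
    'reaches maximum count..." vpntunnel="New nav" vpntype=ipsec',
]

LINE = re.compile(r'^(\S+ \S+ [AP]M) (\w+) VPN id=(\d+) msg="(.*)" vpntunnel="')
# A value runs until the next " key=" token, so "New nav" stays in one piece.
PAIR = re.compile(r'\b(\w+)=(.*?)(?=\s+\w+=|$)')

def parse_line(line):
    """Split one log line into time, level, id and the fields inside msg."""
    m = LINE.match(line)
    if not m:
        return None  # not a VPN event line
    ts, level, event_id, msg = m.groups()
    fields = {}
    for key, value in PAIR.findall(msg):
        key = key.replace("_", "")  # loc_port and locport name the same field
        if key == "status":  # free text follows the status; keep the token only
            value = re.match(r"[a-z_]*", value).group()
        fields.setdefault(key, []).append(value.strip())
    return {"time": ts, "level": level, "id": int(event_id), "fields": fields}

def first_failure(lines):
    """Return the first event carrying a status other than 'success'."""
    for rec in filter(None, map(parse_line, lines)):
        if any(s != "success" for s in rec["fields"].get("status", [])):
            return rec
    return None
```

On the sample, `first_failure(SAMPLE_LOG)` returns event 96567: the inbound stage 1 message on port 4500, which is the exchange to line up against the IKE debug output on the FortiGate side.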

2 REPLIES
Rewanta_FTNT
Staff

hi, 

 

Looking into the VPN event logs, it seems like negotiation errors; this would mainly happen due to misconfiguration.

 

-you can debug the IKE (ISAKMP packets) from the FGT

diag debug reset

diag debug console timestamp enable

diag vpn ike log-filter dst-addr4 <client_public_ip>

diag debug app ike -1

diag debug enable

-vpn configuration. 

 

You may follow the videos:

http://docs.fortinet.com/d/fortigate-video-ipsec-vpn

 

thanks,

rewanta

 

vladyka

Hi renjithmusafir - did you manage to resolve this issue? I'm having the same problem and have spent a couple of hours trying to solve it but without success.

 

many thanks,

Regards,

Igor
