Hi,
We are using Fgt 1000c 5.2.2 build642
we are trying a Ipsec Vpn to CheckPoint R75 but
ipsec Phase 2 error "no matching phase2 found"
most config changes but nothing changed
2015-01-26 16:22:08 ike 0:REMOTRCHK:31321:3234: peer proposal is: peer:0:9x.1xx.1xx.2-9x.1xx.1xx.3:0, me:0:10.50.50.0-10.50.50.255:0
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:REMOTEVPNCHK:3234: trying
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: specified selectors mismatch
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: peer: type=7/7, local=0:10.50.50.0-10.50.50.255:0, remote=0:9x.1xx.1xx.2-9x.1xx.1xx.3:0
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: mine: type=7/7, local=0:10.50.50.0-10.50.50.255:0, remote=0:10.90.0.0-10.90.255.255:0
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: no matching phase2 found
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321:3234: failed to get responder proposal
2015-01-26 16:22:08 ike 0:REMOTEVPNCHK:31321: error processing quick-mode message from 9x.1xx.1xx.2 as responder
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi, It looks like your phase 2 selectors don't match on both ends. They need to exactly mirror each other.
For example:
Peer1
Source: 192.168.1.0/24
Destination: 192.168.2.0/24
Peer 2
Source: 192.168.2.0/24
Destination: 192.168.1.0/24
jb
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.