Chandrasekhar1
New Contributor

IKE_AUTH step is failing when Option DHCP is selected

Hi All,

I am new to this forum. I am trying to set up a VPN connection between a Nokia 7750 SR router and FortiClient VPN;
below are the config settings.

 

Please note: this issue happens only when Option DHCP is selected; the VPN tunnel comes up correctly when manual IP is selected.

 

Forti VPN Client:-

Authentication Method:- Preshared Key

EAP is disabled

IKE version - 2

Options :- DHCP

PHASE-1

Encryption:-  DES Authentication :- DES

Encryption:-  DES Authentication :- DES

DH Group:- 1

Key Life:- 86400

No Local ID

No DPD

No NAT

No Enable Local LAN

 

Phase2 :-

 

Encryption:-  DES Authentication :- DES

Encryption:-  DES Authentication :- DES

Key Life:- 43200

No Relay Detection

No PFS

 

The 7750 router is configured as IKEv2 with all the config matching FortiClient VPN. For the DHCP option, the router is dumping the messages below.

 

failed because ipsec-gw has local-address-assignment configuration but IKE_AUTH did not contain a config payload."

 

Please find attached the screenshots of all four packets.

It would be really helpful if someone could find the root cause.
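
The router message quoted above refers to the IKEv2 Configuration payload (CP, payload type 47 in RFC 7296), which is where an initiator places a CFG_REQUEST for an internal address. As an added example, not part of the original post and not Nokia or Fortinet code, the Python below walks an already-decrypted IKE_AUTH payload chain and reports whether a CP payload is present; the function names and sample bytes are constructed for illustration.

```python
import struct

# Numbers from RFC 7296 (payload types, CFG types, configuration attributes)
CP = 47
CFG_TYPES = {1: "CFG_REQUEST", 2: "CFG_REPLY", 3: "CFG_SET", 4: "CFG_ACK"}
ATTRS = {1: "INTERNAL_IP4_ADDRESS", 2: "INTERNAL_IP4_NETMASK", 3: "INTERNAL_IP4_DNS"}

def walk_payloads(first_type, data):
    """Yield (payload_type, body) along a decrypted IKEv2 payload chain."""
    ptype, off = first_type, 0
    while ptype != 0:  # Next Payload 0 ends the chain
        if off + 4 > len(data):
            raise ValueError("truncated generic payload header")
        next_type, _flags, length = struct.unpack_from("!BBH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError("bad payload length at offset %d" % off)
        yield ptype, data[off + 4:off + length]
        ptype, off = next_type, off + length

def parse_cp(body):
    """Return (CFG type name, [attribute names]) for a CP payload body."""
    if len(body) < 4:
        raise ValueError("CP body shorter than its fixed 4 bytes")
    attrs, off = [], 4  # 1 byte CFG type + 3 reserved bytes
    while off + 4 <= len(body):
        atype, alen = struct.unpack_from("!HH", body, off)
        if off + 4 + alen > len(body):
            raise ValueError("attribute runs past end of CP payload")
        attrs.append(ATTRS.get(atype & 0x7FFF, str(atype & 0x7FFF)))
        off += 4 + alen
    return CFG_TYPES.get(body[0], str(body[0])), attrs

def find_config_payload(first_type, data):
    """Return the parsed CP payload, or None if the chain carries no CP."""
    for ptype, body in walk_payloads(first_type, data):
        if ptype == CP:
            return parse_cp(body)
    return None

def _payload(next_type, body):  # helper that builds the constructed samples
    return struct.pack("!BBH", next_type, 0, 4 + len(body)) + body

# Constructed, trimmed samples (IDi=35, AUTH=39; SA/TS payloads omitted)
IDI = b"\x01\x00\x00\x00" + bytes([192, 0, 2, 10])
AUTH = b"\x02\x00\x00\x00" + bytes(20)
CP_REQ = b"\x01\x00\x00\x00" + struct.pack("!HH", 1, 0) + struct.pack("!HH", 3, 0)
WITH_CP = _payload(CP, IDI) + _payload(39, CP_REQ) + _payload(0, AUTH)
WITHOUT_CP = _payload(39, IDI) + _payload(0, AUTH)

if __name__ == "__main__":
    print(find_config_payload(35, WITH_CP))
    print(find_config_payload(35, WITHOUT_CP))
```

The input must be the plaintext inside the SK payload, so a capture has to be decrypted first (for example with the negotiated keys loaded into the analyzer) before the chain can be walked.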
1 REPLY
supajgo1
New Contributor

Post the dhcpd logs, they probably say why it fails to start. Post the full "systemctl status <program>" or figure out where the program is sending logs to and post that https://tutuapp.uno/ .
