Hi,
I'm trying to do IPSEC between my Fortigate and a TP-Link MR 600 (4G router).
My Fortigate is traversing NAT.
The configuration seems fine on both ends but phase 1 doesn't come up.
Here are the log messages (public IPs have been anonymised), I do not know what to look for:
According to your log: it starts phase1 and it does negotiate proposals, DPD and NAT-T, and due to NAT-T it then starts using port 4500 (correct). However, it then does not get any more responses to finish the phase1 negotiation. It does retransmit the last message several times but gets no answer from your tplink and finally gives up saying "negotiation timeout".
Is there something between the FGT and the TP-Link which the traffic has to pass? Then you will have to forward 500/udp and 4500/udp to the tplink to solve that.
Also you could check the logs on the tplink to see if or why it doesn't respond to your FGT anymore.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
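Added example, not part of the original thread: one way to see where phase 1 stalls from a packet capture taken on either side, by decoding the IKEv1 (ISAKMP) header, the 4-byte non-ESP marker that prefixes IKE on UDP 4500, and byte-identical retransmissions. The `(direction, port, payload)` tuple format, the helper `_ike` and the sample packets are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: precedes IKE messages on UDP 4500
EXCHANGES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}

def classify(port, payload):
    """Classify one UDP payload captured on port 500 or 4500."""
    if port == 4500:
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}
        if payload[:4] != NON_ESP_MARKER:
            return {"kind": "esp", "spi": payload[:4].hex()}
        payload = payload[4:]          # strip marker, ISAKMP header follows
    if len(payload) < 28:
        return {"kind": "truncated"}
    icookie, rcookie, _next, ver, xchg, flags, msgid, length = struct.unpack(
        "!8s8sBBBBII", payload[:28])
    return {"kind": "ike", "version": ver >> 4,
            "exchange": EXCHANGES.get(xchg, str(xchg)),
            "encrypted": bool(flags & 0x01),
            "responder_cookie_set": rcookie != b"\x00" * 8,
            "length_ok": length == len(payload)}

def find_stall(packets):
    """Return the trailing outbound message resent with no reply, or None."""
    if not packets or packets[-1][0] != "out":
        return None
    _, port, last = packets[-1]
    repeats = 0
    for direction, p, data in reversed(packets):
        if direction != "out" or p != port or data != last:
            break
        repeats += 1
    if repeats < 2:
        return None
    return dict(classify(port, last), port=port, transmissions=repeats)

def _ike(xchg, flags, rcookie=b"R" * 8, body=b"\x00" * 12):
    # Constructed ISAKMP header plus filler body, not real traffic.
    hdr = struct.pack("!8s8sBBBBII", b"I" * 8, rcookie, 1, 0x10,
                      xchg, flags, 0, 28 + len(body))
    return hdr + body

# Constructed capture: four main-mode messages on 500, then the first
# encrypted message sent three times on 4500 with nothing coming back.
SAMPLE = [
    ("out", 500, _ike(2, 0, rcookie=b"\x00" * 8)),
    ("in", 500, _ike(2, 0)),
    ("out", 500, _ike(2, 0, body=b"\x01" * 12)),
    ("in", 500, _ike(2, 0, body=b"\x02" * 12)),
] + [("out", 4500, NON_ESP_MARKER + _ike(2, 1, body=b"\x03" * 12))] * 3
```

Running `find_stall` on captures from both ends shows whether the retransmitted message on 4500 ever arrives at the peer, which separates a forwarding problem from a peer that receives the message and does not answer.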
Thank you for the answer. Using FortiAnalyzer, I can see the messages coming from the TP-Link on port 4500 and it seems that the Fortigate is responding. Maybe the firewall is not finding what it is looking for in the response from the TP-Link?
I'll open a thread on the TP-Link forum to seek further explanations.
Either that or the answer coming from the FortiGate does - for whatever reason - not reach the tp-link. You might see that in some log on the tplink.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Unfortunately, there is no log on the TP-Link regarding IPSEC.
I see both devices communicating on both port 500 and 4500.
The firmware I'm using on the TP-Link to activate the VPN IPSEC feature is a beta firmware. I'm asking TP-Link if there is an update or another firmware that I could try.
Hi, I have the same problem with an MR400. Have you solved it in some way?
Sorry but I've not.
I ended my tests because the client needed his router.