Support Forum
Not applicable

IPSec Negotiate SA Error

Hello all, this is the first time I have visited this forum, and I am hoping to get some help with my site-to-site VPN connection setup. It's a simple policy-based VPN using a pre-shared key between a Fortigate-60 and a Checkpoint firewall. I am getting the error "Negotiate SA Error: Peer's id payloads do not match local policy." on my Fortigate-60 device running FortiOS v3.0 while trying to establish an IPSec tunnel (pre-shared key) with the Checkpoint. I have done the same setup from a few other sites with Fortigate-60 devices running FortiOS v2.8 software, with the same pre-shared key and encryption/authentication method. The only difference I can tell between the two versions of the OS is the option under the Phase 2 "Quick Mode Identities" section. v2.8 offers the options "Use selectors from policy", "Use wildcard selectors" and "Specify a selector", while only the last option seems to be available under FortiOS v3.0. I have been using the default "Use selectors from policy" option on the other v2.8 devices and they all work fine. The event log on the v3.0 device shows:

Responder: sent xx.xx.xx.xx aggressive mode message #1 (OK)
Responder: parsed xx.xx.xx.xx aggressive mode message #2 (DONE)
Negotiate SA Error: Peer's id payloads do not match local policy.
Responder: parsed xx.xx.xx.xx quick mode message #1 (ERROR)
***repeating...

Did I overlook any new features in v3.0, or should I consider downgrading the OS on this device? Any suggestion or comment is greatly appreciated.
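The error in the log above is raised while the FortiGate, acting as IKEv1 responder, compares the identities the peer proposes in quick mode message #1 (IDci, the initiator's subnet, and IDcr, the responder's subnet as the initiator sees it) against its own Phase 2 selectors. The following Python script is an added illustration, not code from the original post or from Fortinet: it models that comparison and evaluates the three v2.8 "Quick Mode Identities" options against one proposal. All subnets are constructed sample values, and the matching rule (a proposed identity is accepted only if it falls within the corresponding local selector) is an assumption about the responder's behaviour, stated here so the reader can adjust it.

```python
import ipaddress

# Constructed sample values (not taken from the thread).
PEER_IDCI = "10.20.0.0/16"     # IDci: the Checkpoint proposes its whole encryption domain
PEER_IDCR = "192.168.1.0/24"   # IDcr: the FortiGate-side LAN as the Checkpoint knows it

POLICY_SRC = "192.168.1.0/24"  # firewall policy source address (our LAN)
POLICY_DST = "10.20.5.0/24"    # firewall policy destination: narrower than the peer's domain


def quick_mode_ids_match(peer_idci: str, peer_idcr: str,
                         local_src: str, local_dst: str) -> bool:
    """Responder-side check of the identities in quick mode message #1.

    Assumption: the responder accepts only when each proposed identity lies
    within the matching local Phase 2 selector, i.e. the peer's IDcr inside
    our source selector and the peer's IDci inside our destination selector.
    """
    idci = ipaddress.ip_network(peer_idci, strict=False)
    idcr = ipaddress.ip_network(peer_idcr, strict=False)
    local_src_net = ipaddress.ip_network(local_src, strict=False)
    local_dst_net = ipaddress.ip_network(local_dst, strict=False)
    return idcr.subnet_of(local_src_net) and idci.subnet_of(local_dst_net)


def evaluate_quick_mode_identity_options(peer_idci: str, peer_idcr: str,
                                         policy_src: str, policy_dst: str,
                                         specified_src: str, specified_dst: str) -> dict:
    """Evaluate the three v2.8 'Quick Mode Identities' options against one proposal.

    - "Use selectors from policy": selectors are the policy's src/dst addresses.
    - "Use wildcard selectors":    selectors are 0.0.0.0/0 on both sides.
    - "Specify a selector":        selectors are whatever the admin typed.
    """
    return {
        "Use selectors from policy": quick_mode_ids_match(
            peer_idci, peer_idcr, policy_src, policy_dst),
        "Use wildcard selectors": quick_mode_ids_match(
            peer_idci, peer_idcr, "0.0.0.0/0", "0.0.0.0/0"),
        "Specify a selector": quick_mode_ids_match(
            peer_idci, peer_idcr, specified_src, specified_dst),
    }


if __name__ == "__main__":
    # The specified selector here is chosen to mirror the peer's proposal exactly.
    results = evaluate_quick_mode_identity_options(
        PEER_IDCI, PEER_IDCR, POLICY_SRC, POLICY_DST,
        specified_src="192.168.1.0/24", specified_dst="10.20.0.0/16")
    for option, ok in results.items():
        print(f"{option:28s} -> {'match' if ok else 'peer id payloads do not match'}")
```

With these inputs the policy-derived selector fails because the Checkpoint proposes a /16 while the policy only names a /24 inside it, the wildcard selector accepts anything, and a specified selector succeeds only when it covers exactly what the peer proposes. That is why, on a release that only offers "Specify a selector", the Phase 2 source and destination must be set to cover the peer's full encryption domain rather than the narrower subnet used in the firewall policy.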
Not applicable

Any more info on this? My 2.8 won't pass traffic to my 3.0 either, even though the tunnel is up.
Not applicable

I am still working with a Fortinet engineer to try to resolve this issue... I have captured debug logs from both ends for further analysis...
Not applicable

OK, I just figured mine out. The 3.0 unit MUST have the firewall policy that specifies the VPN tunnel BEFORE any other policy. I have BOTH policies as internal to wan1. Hope this helps.
rwpatterson
Valued Contributor III

IPSec (encrypt) policies MUST appear at the top of the policy list! Sorry if we didn't mention that before.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
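The two replies above describe the same failure mode: the FortiGate evaluates firewall policies top to bottom and uses the first one that matches, so a plain internal-to-wan1 accept policy placed above the encrypt policy catches the traffic destined for the remote site and sends it out unencrypted, leaving the tunnel up but idle. The Python script below is an added example, not code from the thread or from Fortinet; it models first-match policy lookup on a constructed policy list and shows how moving the encrypt policy to the top changes which policy the remote-site traffic hits. Interface names, subnets and the tunnel name are sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Policy:
    """One firewall policy. action is "accept" (plain routed/NAT) or "ipsec" (encrypt)."""
    policy_id: int
    srcintf: str
    dstintf: str
    srcaddr: str
    dstaddr: str
    action: str
    vpntunnel: str = ""

    def matches(self, srcintf: str, dstintf: str, src_ip: str, dst_ip: str) -> bool:
        return (self.srcintf == srcintf
                and self.dstintf == dstintf
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.srcaddr, strict=False)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dstaddr, strict=False))


# Constructed sample policy list, in the order the admin created them:
# a general internet policy first, the VPN encrypt policy second.
POLICIES: List[Policy] = [
    Policy(1, "internal", "wan1", "192.168.1.0/24", "0.0.0.0/0", "accept"),
    Policy(2, "internal", "wan1", "192.168.1.0/24", "10.20.0.0/16", "ipsec", "to-checkpoint"),
]


def first_match(policies: List[Policy], srcintf: str, dstintf: str,
                src_ip: str, dst_ip: str) -> Optional[Policy]:
    """Top-down, first-match lookup, the way the firewall selects a policy."""
    for policy in policies:
        if policy.matches(srcintf, dstintf, src_ip, dst_ip):
            return policy
    return None


def encrypt_policies_first(policies: List[Policy]) -> List[Policy]:
    """Return the list with every ipsec (encrypt) policy moved above the rest.

    sorted() is stable, so the relative order inside each group is preserved.
    """
    return sorted(policies, key=lambda p: 0 if p.action == "ipsec" else 1)


def misordered_encrypt_policies(policies: List[Policy]) -> List[int]:
    """IDs of encrypt policies that sit below a broader non-encrypt policy on the
    same interface pair, i.e. policies that can never be reached for their traffic."""
    shadowed = []
    for index, policy in enumerate(policies):
        if policy.action != "ipsec":
            continue
        tunnel_dst = ipaddress.ip_network(policy.dstaddr, strict=False)
        for earlier in policies[:index]:
            if (earlier.action != "ipsec"
                    and earlier.srcintf == policy.srcintf
                    and earlier.dstintf == policy.dstintf
                    and tunnel_dst.subnet_of(ipaddress.ip_network(earlier.dstaddr, strict=False))):
                shadowed.append(policy.policy_id)
                break
    return shadowed


if __name__ == "__main__":
    hit = first_match(POLICIES, "internal", "wan1", "192.168.1.10", "10.20.5.7")
    print("as created: remote-site traffic hits policy", hit.policy_id, hit.action)
    print("shadowed encrypt policies:", misordered_encrypt_policies(POLICIES))
    fixed = encrypt_policies_first(POLICIES)
    hit = first_match(fixed, "internal", "wan1", "192.168.1.10", "10.20.5.7")
    print("reordered:  remote-site traffic hits policy", hit.policy_id, hit.action)
```

Run as created, the packet for 10.20.5.7 matches policy 1 and leaves wan1 in the clear; after reordering it matches policy 2 and is encrypted, while internet-bound traffic still falls through to policy 1. The `misordered_encrypt_policies` check is the sanity test to run over any policy list before blaming the tunnel itself.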
Not applicable

Hi. We had a similar issue with a Fortigate and Checkpoint setup. Finally the issue was resolved by replacing the Checkpoint with a Cisco firewall.