 
					
				
		
Created on ‎04-29-2009 04:43 AM
 
					
				
		
Created on ‎04-30-2009 01:10 AM
diag debug app ike 3 <ip address of remote firewall>and post that here. That might give some better indication as to what might be happening when trying to establish the tunnel.
id=20085 trace_id=47 func=ipsec_tunnel_output4 line=750 msg=" enter IPsec tunnel-DK-LANp1" id=20085 trace_id=47 func=ipsec_common_output4 line=555 msg=" SA is not ready yet, drop"G3rman is right. teh above snippet of debug from teh flow is simply saying, The tunnel is not up so I can' t go any further. Run teh Diag debug app ike as advised. Also idf possible try to look at the logs on teh other device at the same time. I would suspect that you have left your P2s at 0.0.0.0/0 whilst the other end is being more specific. The only reason I say that is because it is the most common mistake
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2678 | |
| 1412 | |
| 810 | |
| 704 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.