Hi,
I set up the VPN referring to this guide.
I have:
Fortigate 100F 6.0.2
Vmware 6.5 with NSX 6.3.5
(internal natted LAN 192.168.2.0/24) <-> Fortigate (WAN2 5.x.y.z)
<---------------------V P N I P S E C-------------------------------->
NSX (WAN 137.x.y.z) <-> (internal natted LAN 10.10.10.0/24)
config vpn ipsec phase1-interface
edit "fortigate2nsx"
set interface "wan2"
set keylife 28800
set peertype any
set proposal aes256-sha1
set dhgrp 14
set nattraversal disable
set remote-gw 137.x.y.z
set psksecret ENC *********************
next
end
config vpn ipsec phase2-interface
edit "fortigate2nsx"
set phase1name "fortigate2nsx"
set proposal aes256-sha1
set dhgrp 14
set src-addr-type name
set dst-addr-type name
set keylifeseconds 3600
set src-name "fortigate_internal_subnet_name"
set dst-name "nsx_internal_subnet_name"
next
end
on NSX
and get this error:
ike 0:fortigate2nsx:2904: out 47DBBA2A6E9F22CAA751F4EBE3AB9E7508******************************
ike 0:fortigate2nsx:2904: sent IKE msg (P2_RETRANSMIT): 5.x.y.z:500->137.x.y.z:500, len=428, id=47dbba2a6e9f22ca/a751f4ebe3ab9e75:3e5c2006
ike 0: comes 137.x.y.z:500->5.x.y.z:500,ifindex=8....
ike 0: IKEv1 exchange=Informational id=47dbba2a6e9f22ca/a751f4ebe3ab9e75:121f175a len=76
ike 0: in 47DBBA2A6E9F22CAA751F4EB*******************************************
ike 0:fortigate2nsx:2904: dec 47DBBA2A6E9F22CAA751F4E***************************
ike 0:fortigate2nsx:2904: notify msg received: INVALID-ID-INFORMATION
ike 0: comes 137.x.y.z:500->5.x.y.z:500,ifindex=8....
ike 0: IKEv1 exchange=Quick id=47dbba2a6e9f22ca/a751f4ebe3ab9e75:c818312f len=428
ike 0: in 47DBBA2A6E9F22CAA751F4EBE3AB9E75081020******************************
ike 0:fortigate2nsx:2904:264199: responder received first quick-mode message
ike 0:fortigate2nsx:2904: dec 47DBBA2A6E9F22CAA751F4EBE3AB9E75081020****************************
ike 0:fortigate2nsx:2904:264199: peer proposal is: peer:0:10.10.10.0-10.10.10.255:0, me:0:192.168.2.0-192.168.2.255:0
ike 0:fortigate2nsx:2904:fortigate2nsx:264199: trying
ike 0:fortigate2nsx:2904:264199: no matching phase2 found
ike 0:fortigate2nsx:2904:264199: failed to get responder proposal
ike 0:fortigate2nsx:2904: error processing quick-mode message from 137.x.y.z as responder
ike 0:fortigate2nsx:2904: out 47DBBA2A6E9F22CAA751F4EBE3AB9E75081020013E5C200**************************
ike 0:fortigate2nsx:2904: sent IKE msg (P2_RETRANSMIT): 5.x.y.z:500->137.x.y.z:500, len=428, id=47dbba2a6e9f22ca/a751f4ebe3ab9e75:3e5c2006
ike 0: comes 137.x.y.z:500->5.x.y.z:500,ifindex=8....
ike 0: IKEv1 exchange=Informational id=47dbba2a6e9f22ca/a751f4ebe3ab9e75:cca959f8 len=76
ike 0: in 47DBBA2A6E9F22CAA751F4EBE3AB9E7508100501CCA95**********************************************
ike 0:fortigate2nsx:2904: dec 47DBBA2A6E9F22CAA751F4EBE3AB9E7508100501C********************************************
ike 0:fortigate2nsx:2904: notify msg received: INVALID-ID-INFORMATION
ike 0:fortigate2nsx:2904:fortigate2nsx:264197: quick-mode negotiation failed due to retry timeout
ike 0:fortigate2nsx:2904: send IKE SA delete 47dbba2a6e9f22ca/a751f4ebe3ab9e75
ike 0:fortigate2nsx:2904: enc 47DBBA2A6E9F22CAA751F4EBE3AB9E750810050118A8*****************************
ike 0:fortigate2nsx:2904: out 47DBBA2A6E9F22CAA751F4EBE3AB9E7***************************
ike 0:fortigate2nsx:2904: sent IKE msg (ISAKMP SA DELETE-NOTIFY): 5.x.y.z:500->137.x.y.z:500, len=92, id=47dbba2a6e9f22ca/a751f4ebe3ab9e75:18a86c52
ike 0:fortigate2nsx: connection expiring due to phase1 down
ike 0:fortigate2nsx: deleting
ike 0:fortigate2nsx: deleted
ike 0:fortigate2nsx: set oper down
ike 0:fortigate2nsx: schedule auto-negotiate
ike 0:fortigate2nsx: carrier down
ike 0: comes 137.x.y.z:500->5.x.y.z:500,ifindex=8....
ike 0: IKEv1 exchange=Informational id=47dbba2a6e9f22ca/a751f4ebe3ab9e75:4bebd856 len=92
ike 0: in 47DBBA2A6E9F22CAA751F4EBE3AB9E7508100****************************************
ike 0: no established IKE SA for exchange-type Informational from 137.x.y.z:500->5.x.y.z 8 cookie 47dbba2a6e9f22ca/a751f4ebe3ab9e75, drop
ike 0:fortigate2nsx: auto-negotiate connection
ike 0:fortigate2nsx: created connection: 0x17cd46e0 8 5.x.y.z->137.x.y.z:500.
ike 0:fortigate2nsx:2905: initiator: main mode is sending 1st message...
ike 0:fortigate2nsx:2905: cookie 334fb40860461a9b/0000000000000000
ike 0:fortigate2nsx:2905: out 334FB40860461A9B00000000000000000110000000010000******************
ike 0:fortigate2nsx:2905: sent IKE msg (ident_i1send): 5.x.y.z:500->137.x.y.z:500, len=168, id=334fb40860461a9b/0000000000000000
ike 0: comes 137.x.y.z:500->5.x.y.z:500,ifindex=8....
ike 0: IKEv1 exchange=Identity Protection id=334fb40860461a9b/d31f75929acc627c len=120
ike 0: in 334FB40860461A9BD31F75929ACC627C011002000000000**********************
ike 0:fortigate2nsx:2905: initiator: main mode get 1st response...
ike 0:fortigate2nsx:2905: VID unknown (12): OSW{UGAoLgKd
ike 0:fortigate2nsx:2905: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:fortigate2nsx:2905: DPD negotiated
ike 0:fortigate2nsx:2905: negotiation result
ike 0:fortigate2nsx:2905: proposal id = 1:
ike 0:fortigate2nsx:2905: protocol id = ISAKMP:
ike 0:fortigate2nsx:2905: trans_id = KEY_IKE.
ike 0:fortigate2nsx:2905: encapsulation = IKE/none
ike 0:fortigate2nsx:2905: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike 0:fortigate2nsx:2905: type=OAKLEY_HASH_ALG, val=SHA.
ike 0:fortigate2nsx:2905: type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:fortigate2nsx:2905: type=OAKLEY_GROUP, val=MODP2048.
ike 0:fortigate2nsx:2905: ISAKMP SA lifetime=28800
ike 0:fortigate2nsx:2905: out 334FB40860461A9BD31F75929ACC627C0410020000000000000001340A00010*************************
ike 0:fortigate2nsx:2905: sent IKE msg (ident_i2send): 5.x.y.z:500->137.x.y.z:500, len=308, id=334fb40860461a9b/d31f75929acc627c
ike 0: comes 137.x.y.z:500->5.x.y.z:500,ifindex=8....
ike 0: IKEv1 exchange=Identity Protection id=334fb40860461a9b/d31f75929acc627c len=308
ike 0: in 334FB40860461A9BD31F75929ACC627C04100200000000000000013******************************
ike 0:fortigate2nsx:2905: initiator: main mode get 2nd response...
ike 0:fortigate2nsx:2905: nat unavailable
ike 0:fortigate2nsx:2905: ISAKMP SA 334fb40860461a9b/d31f75929acc627c key 32:BA5B8277704C63DBA31FC32DF51406BBAE5145193D0FEB878DA9C883715CEC34
ike 0:fortigate2nsx:2905: add INITIAL-CONTACT
ike 0:fortigate2nsx:2905: enc 334FB40860461A9BD31F75929ACC627C0510020100000000000000******************************
ike 0:fortigate2nsx:2905: out 334FB40860461A9BD31F75929ACC627C0510020100000000000000**************************
ike 0:fortigate2nsx:2905: sent IKE msg (ident_i3send): 5.x.y.z:500->137.x.y.z:500, len=108, id=334fb40860461a9b/d31f75929acc627c
ike 0: comes 137.x.y.z:500->5.x.y.z:500,ifindex=8....
ike 0: IKEv1 exchange=Identity Protection id=334fb40860461a9b/d31f75929acc627c len=76
ike 0: in 334FB40860461A9BD31F75929ACC627C05100201000000000000004C14E2**************************
ike 0:fortigate2nsx:2905: initiator: main mode get 3rd response...
ike 0:fortigate2nsx:2905: dec 334FB40860461A9BD31F75929ACC627C05100201000000000000004************************
ike 0:fortigate2nsx:2905: peer identifier IPV4_ADDR 137.x.y.z
ike 0:fortigate2nsx:2905: PSK authentication succeeded
ike 0:fortigate2nsx:2905: authentication OK
ike 0:fortigate2nsx:2905: established IKE SA 334fb40860461a9b/d31f75929acc627c
ike 0:fortigate2nsx: set oper up
ike 0:fortigate2nsx: schedule auto-negotiate
ike 0:fortigate2nsx:2905: no pending Quick-Mode negotiations
ike 0:fortigate2nsx: carrier up
ike 0: comes 137.x.y.z:500->5.x.y.z:500,ifindex=8....
ike 0: IKEv1 exchange=Quick id=334fb40860461a9b/d31f75929acc627c:8daa3b23 len=428
ike 0: in 334FB40860461A9BD31F75929ACC627C081020018DAA3B23000001AC ***************
ike 0:fortigate2nsx:2905:264202: responder received first quick-mode message
ike 0:fortigate2nsx:2905: dec 334FB40860461A9BD31F75929ACC627C081020018D*************************
ike 0:fortigate2nsx:2905:264202: peer proposal is: peer:0:10.10.10.0-10.10.10.255:0, me:0:192.168.2.0-192.168.2.255:0
ike 0:fortigate2nsx:2905:fortigate2nsx:264202: trying
ike 0:fortigate2nsx:2905:264202: no matching phase2 found
ike 0:fortigate2nsx:2905:264202: failed to get responder proposal
ike 0:fortigate2nsx:2905: error processing quick-mode message from 137.x.y.z as responder
ike 0: comes 137.x.y.z:500->5.x.y.z:500,ifindex=8....
ike 0: IKEv1 exchange=Quick id=334fb40860461a9b/d31f75929acc627c:8daa3b23 len=428
ike 0: in 334FB40860461A9BD31F75929ACC627C081020018DAA3B23000001A*********************
ike 0:fortigate2nsx:2905:264203: responder received first quick-mode message
ike 0:fortigate2nsx:2905: dec 334FB40860461A9BD31F75929ACC627C081020018DAA3B23000001AC0*****************
ike 0:fortigate2nsx:2905:264203: peer proposal is: peer:0:10.10.10.0-10.10.10.255:0, me:0:192.168.2.0-192.168.2.255:0
ike 0:fortigate2nsx:2905:fortigate2nsx:264203: trying
ike 0:fortigate2nsx:2905:264203: no matching phase2 found
ike 0:fortigate2nsx:2905:264203: failed to get responder proposal
ike 0:fortigate2nsx:2905: error processing quick-mode message from 137.x.y.z as responder
Can somebody help me?
Thanks
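Added example, not part of the original post and not Fortinet code: a small Python helper that pulls every quick-mode selector proposal out of IKE debug output in the format quoted above, converts the address ranges to CIDR, and flags the ones answered with "no matching phase2 found", so they can be compared with what the phase2 address objects actually contain. The function names are hypothetical, the sample log is constructed from lines of the post, and the exact-equality comparison and the CIDR values passed to it are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample in the format of the debug output quoted in the post.
SAMPLE_LOG = """\
ike 0:fortigate2nsx:2904:264199: responder received first quick-mode message
ike 0:fortigate2nsx:2904:264199: peer proposal is: peer:0:10.10.10.0-10.10.10.255:0, me:0:192.168.2.0-192.168.2.255:0
ike 0:fortigate2nsx:2904:fortigate2nsx:264199: trying
ike 0:fortigate2nsx:2904:264199: no matching phase2 found
ike 0:fortigate2nsx:2904:264199: failed to get responder proposal
"""

PROPOSAL = re.compile(
    r"ike \d+:(?P<tunnel>[^:\s]+):\d+:(?P<qm>\d+): peer proposal is: "
    r"peer:\d+:(?P<pfrom>[\d.]+)-(?P<pto>[\d.]+):\d+, "
    r"me:\d+:(?P<mfrom>[\d.]+)-(?P<mto>[\d.]+):\d+")
NO_MATCH = re.compile(r"ike \d+:[^:\s]+:\d+:(?P<qm>\d+): no matching phase2 found")


def to_cidrs(first, last):
    """Collapse an inclusive first-last address range into CIDR strings."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]


def quick_mode_proposals(log):
    """List each quick-mode proposal the peer sent and whether it was rejected."""
    rejected = {m.group("qm") for m in NO_MATCH.finditer(log)}
    return [{
        "tunnel": m.group("tunnel"),
        "qm_id": m.group("qm"),
        "remote": to_cidrs(m.group("pfrom"), m.group("pto")),  # "peer:" side
        "local": to_cidrs(m.group("mfrom"), m.group("mto")),   # "me:" side
        "rejected": m.group("qm") in rejected,
    } for m in PROPOSAL.finditer(log)]


def selector_mismatches(proposal, local_cidr, remote_cidr):
    """Name the sides where the configured selector is not exactly the proposed one."""
    sides = []
    if proposal["local"] != [str(ipaddress.ip_network(local_cidr))]:
        sides.append("local")
    if proposal["remote"] != [str(ipaddress.ip_network(remote_cidr))]:
        sides.append("remote")
    return sides


if __name__ == "__main__":
    # Assumed values: replace with the subnets your own address objects define.
    for p in quick_mode_proposals(SAMPLE_LOG):
        print(p, selector_mismatches(p, "192.168.2.0/24", "10.10.10.0/24"))
```

The patterns use `finditer` over the whole text, so the helper also works when the debug output has been pasted as one long line.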