Mourad_Aloui
New Contributor

IPSec negotiation failure

 

 

I have a problem with negotiation.

 

5 REPLIES
ede_pfau
Esteemed Contributor III

If (IF) this is truly a phase2 error, then it might be

- mismatching QM selectors (a.k.a. "protected domains")

- PFS setting mismatch

- if this is a dial-in tunnel: failure to assign client IP address

 


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Mourad_Aloui
New Contributor

Hello,

Thanks for your feedback. The problem still exists: this morning the tunnel was down, but after an hour it was up.

 

emnoc
Esteemed Contributor III

Is DPD enabled?

What's the other end? (fgt, panw, csco, forcepoint, jnpr)

If you "vpn ike gateway clear", does that speed up the recovery?

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

Mourad_Aloui

The remote device is FortiGate.

The recovery is speedy.

emnoc
Esteemed Contributor III

Could you have bad internet access? This might explain the interruptions

 

For the ipsec-sa make sure auto negotiate is enabled for speedy recovery

 

 

config vpn ipsec phase2-interface
    edit <name>
        set auto-negotiate enable
end

 

Depending on FortiOS this might not be set automatically.

 

PCNSE 

NSE 

StrongSwan  
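An added example, not part of any post in this thread and not Fortinet code: a small offline check that compares the phase2-interface configuration exported from both FortiGates for the causes raised above (mismatched quick-mode selectors, PFS mismatch, auto-negotiate left off). The entry names and subnets are constructed, and treating an unset `pfs` as `enable` is an assumption to confirm on your FortiOS version.

```python
import ipaddress
import re

def parse_phase2(text):
    """Parse 'config vpn ipsec phase2-interface' CLI text into {name: {key: value}}."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = entries.setdefault(m.group(1), {})
        elif line in ("next", "end"):
            current = None
        elif current is not None and (m := re.match(r"set\s+(\S+)\s+(.+)$", line)):
            current[m.group(1)] = m.group(2)
    return entries

def subnet(value):
    """Selectors are written 'address mask'; an unset one is assumed to mean 0.0.0.0/0."""
    return ipaddress.ip_network("/".join((value or "0.0.0.0 0").split()), strict=False)

def compare(local, remote):
    """Compare one phase 2 entry per side; selectors must mirror (our src is the peer's dst)."""
    findings = []
    for mine, theirs in (("src-subnet", "dst-subnet"), ("dst-subnet", "src-subnet")):
        if subnet(local.get(mine)) != subnet(remote.get(theirs)):
            findings.append(f"selector mismatch: local {mine} vs remote {theirs}")
    # Assumption: an unset 'pfs' means enable; check with 'show full-configuration'.
    if local.get("pfs", "enable") != remote.get("pfs", "enable"):
        findings.append("PFS setting mismatch")
    findings += [f"{side}: auto-negotiate not enabled" for side, cfg in
                 (("local", local), ("remote", remote)) if cfg.get("auto-negotiate") != "enable"]
    return findings
# Constructed sample configs (names and subnets are made up for illustration).
LOCAL = """config vpn ipsec phase2-interface
    edit "to-branch"
        set pfs enable
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
    next
end"""
REMOTE = """config vpn ipsec phase2-interface
    edit "to-hq"
        set pfs disable
        set auto-negotiate enable
        set src-subnet 10.2.0.0 255.255.0.0
        set dst-subnet 10.1.0.0 255.255.255.0
    next
end"""
if __name__ == "__main__":
    print(*compare(parse_phase2(LOCAL)["to-branch"], parse_phase2(REMOTE)["to-hq"]), sep="\n")
```

An empty result only means these three settings agree; proposals and key lifetimes are not compared.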
