I have an IPsec IKEv1 remote access tunnel and I need to change it to IKEv2.
After changing it to V2 I couldn't connect to the tunnel; the logs give the warning below:
No response from the peer, phase1 retransmit reaches maximum count
Note that we use FortiAuthenticator with FortiGate.
set type dynamic
set interface "IPSec"
set ike-version 2
set peertype any
set net-device enable
set mode-cfg enable
set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
set dpd on-idle
set idle-timeout enable
set idle-timeoutinterval 60
set ipv4-start-ip
set ipv4-end-ip
set ipv4-netmask
set dns-mode auto
set psksecret
2023-05-24 12:05:02.099273 ike 0:ForiVPN-04: connection expiring due to EAP failure
2023-05-24 12:05:02.099280 ike 0:ForiVPN-04: deleting
2023-05-24 12:05:02.099312 ike 0:ForiVPN-04: deleted
and the error below when disabling EAP:
2023-05-24 12:21:18.333661 ike 0:ForiVPN-04:5044: peer identifier IPV4_ADDR 10.10.23.153
2023-05-24 12:21:18.333666 ike 0:ForiVPN-04:5044: re-validate gw ID
2023-05-24 12:21:18.333675 ike 0:ForiVPN-04:5044: gw validation failed
2023-05-24 12:21:18.333682 ike 0:ForiVPN-04:5044: schedule delete of IKE SA a72491f0596e0d2f/5979dd2ebd97470f
2023-05-24 12:21:18.333689 ike 0:ForiVPN-04:5044: scheduled delete of IKE SA a72491f0596e0d2f/5979dd2ebd97470f
2023-05-24 12:21:18.333708 ike 0:ForiVPN-04: connection expiring due to phase1 down
2023-05-24 12:21:18.333714 ike 0:ForiVPN-04: deleting
2023-05-24 12:21:18.333721 ike 0:ForiVPN-04: deleted
This is not saying much. Try to use a user group with a local user account, for a start. Try to authenticate with it. If the tunnel works, then start focusing on the authentication part between FortiGate and RADIUS/LDAP.
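An added triage helper, not from the thread or from Fortinet: it parses ike debug lines in the format quoted above and maps the three failure messages seen in this thread to the setup stage that failed and the check to make next (the last hint follows the reply's suggestion). The sample log is constructed from the question's own lines; the hint text is the helper's, not FortiGate output.

```python
import re
from collections import OrderedDict

# Constructed sample, modelled on the "ike 0:<gateway>[:<seq>]: <message>" debug
# lines quoted in the question (gateway name and peer address taken from there).
SAMPLE_LOG = """\
2023-05-24 12:05:02.099273 ike 0:ForiVPN-04: connection expiring due to EAP failure
2023-05-24 12:05:02.099280 ike 0:ForiVPN-04: deleting
2023-05-24 12:21:18.333661 ike 0:ForiVPN-04:5044: peer identifier IPV4_ADDR 10.10.23.153
2023-05-24 12:21:18.333675 ike 0:ForiVPN-04:5044: gw validation failed
2023-05-24 12:21:18.333708 ike 0:ForiVPN-04: connection expiring due to phase1 down
"""

# timestamp, "ike", vdom index, gateway name, optional per-negotiation sequence, message
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) ike (?P<vd>\d+):(?P<gw>[^:]+)(?::(?P<seq>\d+))?: (?P<msg>.*)$"
)

# First matching rule wins. Each maps a message fragment from the thread to the
# stage that failed and the defender-side check to run next (hints are assumptions).
RULES = [
    ("phase1 retransmit reaches maximum count",
     "no reply to IKE_SA_INIT: confirm the client uses IKEv2 and UDP 500/4500 reach the FortiGate"),
    ("EAP failure",
     "EAP rejected the user: test a local user group first, then the FortiGate <-> RADIUS/LDAP path"),
    ("gw validation failed",
     "peer ID did not validate against the phase1 after EAP was disabled: review peertype/peer ID"),
]

def parse_ike_line(line):
    """Split one ike debug line into its fields; returns None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify_failures(log_text):
    """Return {gateway: [(timestamp, matched message, hint), ...]} for failure lines only."""
    findings = OrderedDict()
    for raw in log_text.splitlines():
        rec = parse_ike_line(raw)
        if rec is None:
            continue
        for needle, hint in RULES:
            if needle in rec["msg"]:
                findings.setdefault(rec["gw"], []).append((rec["ts"], needle, hint))
                break
    return findings

if __name__ == "__main__":
    for gw, events in classify_failures(SAMPLE_LOG).items():
        for ts, cause, hint in events:
            print(f"{gw} {ts}: {cause} -> {hint}")
```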