Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
stevenp
New Contributor

IPsec phase 1 negotiation failure

Trying to figure why the IPsec phase 1 negation fails then is fixes itself after a few minutes. This is an on and off thing which has happened twice in 2 days.

Any tips to try figure the issue out

Thanks

 

Details:

Fortigate VM64-KVM

Version: 6.0.6

4 REPLIES 4
pjawalekar
Staff
Staff

Hi,
This issue seems to be an odd behavior related to firmware version.

As per your comments, I see that you are using 6.0.6 firmware version, which is end of support on 2022-09-29, Hence I suggest you to upgrade the firmware version to 6.2.X and above.
Regards
Pratik.


stevenp

I will be doing the update on this asap and see if it fixes the issue.

Thanks

seshuganesh
Staff
Staff

Hi,

 

If both ends are fortigate firewalls, execute these commands in both firewalls in both firewalls:

diag vpn ike log-filter dst-addr4 a.b.c.d (where a.b.c.d is the remote gateway ip)

diag debug application ike -1

 

Once you get the debug logs, please disable the debug using this command "diag debug disable"

diag debug enable

stevenp

unfortunately the other side isn't Fortigate. I will do a software update and see how that turns out.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors