good day all.
i am stuck with this error message on my IPsec tunnel and do not know how to proceed. can anyone assist me please.
id=20085 trace_id=342 func=print_pkt_detail line=5319 msg="vd-DPRVR01OUTR received a packet(proto =1, 10.20.192.8:44384->172.16.200.75:2048) from local. type=8, code=0, id=44384, seq=2." id=20085 trace_id=342 func=resolve_ip_tuple_fast line=5394 msg="Find an existing session, id-01fe 94f9, original direction" id=20085 trace_id=342 func=ipsecdev_hard_start_xmit line=178 msg="enter IPsec interface-VPN_SBSA- RASG" id=20085 trace_id=342 func=ipsec_common_output4 line=816 msg="No matching IPsec selector, drop"
how do i create a matching IPsec selector
regards
Troubled soul
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Check the local/remote subnets between the two vpn gateways. They need to match
example IPSEC S2S siteA to siteB
siteA
set src-subnet 10.1.1.0/24
set dst-subnet 10.1.2.0/24
siteB:
set dst-subnet 10.1.1.0/24
set src-subnet 10.1.2.0/24
You probably have the TS wrong in the phase2- settings
ken
PCNSE
NSE
StrongSwan
Thank you for your response.
i realised like what you said in your response that there are inconsistent gateway ips. however when i change my IP to the corressponding gateway my partner is using, my tunnel goes down and it will not come up. however when i run the diag debug the error message for no matching IP selectors stops. how can i troubleshoot the tunnel itself?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1711 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.