When i try to connect to vpn through IPSEC IKv2 on specific devices its giving me no response from peer. i tried everything and even opened the specific ports on the firewall and router thought maybe it could block the connection and still the same issue.
Check ike debug on the receiving end (FGT):
> diag vpn ike log filter clear
> diag vpn ike log filter dst-addr4 <public IP of your client>
> diag debug app ike 63
> diag debug enable
didnt help ipsec has alot of problems everyday im getting a new issue and its not easy to solve
Those commands aren't supposed to help, they're supposed to generate outputs, which can then be analyzed to guide towards resolution or further analysis.
Hi @INT1 ,
It seems that the client is using FCT to connect to the IPSec VPN, which must be a dial-up VPN.
You mentioned "even opened the specific ports on the firewall and router": What specific ports are they?
Anyway, please make sure that port 4500 is open on the upstream router.
hello, the specific ports are 500 and 4500 on both the firewall and the router's firewall and still having an issue.
Hi @INT1 ,
Please run the pcap and verify the traffic from one end is reaching the other end
diag sniff packet any 'host x.x.x.x and (port 500 or port 4500)' 4 0 l >> where x.x.x.x is the remote peer IP
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.