Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
INT1
New Contributor III

No response from peer error

When i try to connect to vpn through IPSEC IKv2 on specific devices its giving me no response from peer. i tried everything and even opened the specific ports on the firewall and router thought maybe it could block the connection and still the same issue.

image (1).png

6 REPLIES 6
pminarik
Staff
Staff

Check ike debug on the receiving end (FGT):

 

> diag vpn ike log filter clear
> diag vpn ike log filter dst-addr4 <public IP of your client>

> diag debug app ike 63

> diag debug enable

[ corrections always welcome ]
INT1
New Contributor III

didnt help ipsec has alot of problems everyday im getting a new issue and its not easy to solve 

pminarik

Those commands aren't supposed to help, they're supposed to generate outputs, which can then be analyzed to guide towards resolution or further analysis.

[ corrections always welcome ]
dingjerry_FTNT

Hi @INT1 ,

 

It seems that the client is using FCT to connect to the IPSec VPN, which must be a dial-up VPN.

You mentioned "even opened the specific ports on the firewall and router":  What specific ports are they?

 

Anyway, please make sure that port 4500 is open on the upstream router.

 

Regards,

Jerry
INT1
New Contributor III

hello, the specific ports are 500 and 4500 on both the firewall and the router's firewall and still having an issue.

sjoshi
Staff
Staff

Hi @INT1 ,

 

Please run the pcap and verify the traffic from one end is reaching the other end

diag sniff packet any 'host x.x.x.x and (port 500 or port 4500)' 4 0 l >> where x.x.x.x is the remote peer IP

Let us know if this helps.
Salon Raj Joshi
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors