Not applicable

Received error notification from peer: INVALID_ID_INFORMATION

Hi, I am using Fortigate-200A 3.00,build0319,060724 trying to establish a site to site VPN to UK, created the IPSEC Phase 1 and Phase 2, fw address and policy. The tunnel was created according to the information given by UK, please see the log access below.

1 2007-01-09 21:21:32 error negotiate Received error notification from peer: INVALID_ID_INFORMATION
2 2007-01-09 21:21:31 notice negotiate Initiator: sent 194.36.55.1 quick mode message #1 (OK)
3 2007-01-09 21:19:32 notice negotiate Initiator: parsed 194.36.55.1 main mode message #3 (DONE)
4 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.36.55.1 main mode message #3 (OK)
5 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.36.55.1 main mode message #2 (OK)
6 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.36.55.1 main mode message #1 (OK)

Please advise me what could have gone wrong.

P.S - we have had some countries such as Australia connected to the UK network using the same network information given, which means their VPN server in UK is ready.

Thanks
Felix
13 REPLIES
bradhdds
New Contributor

i'm receiving the same info in my log. i'm trying to connect 2 fgt's. one is running 3.0 build 219, the other is running 2.8 build 488. everything looks fine, but the tunnel will not come up. any help would be appreciated.

bradley
FCNSP 300 FGTs 2 FMG 2 FLG
rwpatterson
Valued Contributor III

What brand/model device are you trying to connect to?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

bradhdds
New Contributor

it's fixed. the tunnel is from a fgt-60 to a fgt-50. the 60 is running 2.8 and the 50 is running 3.0. to fix the problem, i need to add source/destination addresses to the Quick Mode Selector.

VPN --> IPSEC --> Auto Key --> Phase 2 --> Advanced --> Quick Mode Selector

i added the source and destination networks and left ports/protocol at 0. the tunnel came up right away. this needs to be configured for tunnels between 3.0 and 2.8 devices as well as FGT's running 3.0 and other vendors... PIX, SonicWall

Thanks,
Bradley
FCNSP 300 FGTs 2 FMG 2 FLG
Not applicable

Thanks a lot it solved my problem. Best regards Ove Halseth
Not applicable

What solved your problem? I need to have a VPN between a Fortigate 100a and a cp ng ai r55 on voyager (nokia) and it seems to be impossible. Can someone explain to me where the trick is?
matchan
New Contributor

Hi Claudio,

If you have access to the CP knowledge base there is a document about setting up a vpn between NGAI and a netscreen, the process should be pretty similar for replacing the netscreen with a fortigate. I have found with connecting FG V3 boxes to any other device (even FG2.8) that you seem to need to have the peer ids filled in and matching the remote devices setup (in cp speak, the encryption domain).

Hope this helps
Matt Chan
Not applicable

Hi, I have added the source and destination IP to the Quick Mode Selector but the problem continues. See the log access event:

6 2007-01-09 21:21:32 error negotiate Received error notification from peer: INVALID_ID_INFORMATION
7 2007-01-09 21:21:31 notice negotiate Initiator: sent 194.x.x.1 quick mode message #1 (OK)
8 2007-01-09 21:19:32 notice negotiate Initiator: parsed 194.x.x.1 main mode message #3 (DONE)
9 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.x.x.1 main mode message #3 (OK)
10 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.x.x.1 main mode message #2 (OK)
11 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.x.x.1 main mode message #1 (OK)

The UK office is running on Checkpoint FW-1 NGAI R55.

Thanks
Felix
rwpatterson
Valued Contributor III

Try removing PFS & DH groups from both sides of phase 2.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

Hi I have removed the PFS & DH groups from P2 but the problem continues.
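
Added example, not part of the original thread and not Fortinet code: a small Python triage script that replays the negotiate log from the first post in time order and reports which IKE phase the peer's error belongs to. The regular expressions assume the exact line layout shown in the posts, and the HINTS table is a hypothetical helper worded from the replies above.

```python
import re
from datetime import datetime

# The six log lines from the first post (the log view lists newest first).
SAMPLE_LOG = """\
1 2007-01-09 21:21:32 error negotiate Received error notification from peer: INVALID_ID_INFORMATION
2 2007-01-09 21:21:31 notice negotiate Initiator: sent 194.36.55.1 quick mode message #1 (OK)
3 2007-01-09 21:19:32 notice negotiate Initiator: parsed 194.36.55.1 main mode message #3 (DONE)
4 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.36.55.1 main mode message #3 (OK)
5 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.36.55.1 main mode message #2 (OK)
6 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.36.55.1 main mode message #1 (OK)
"""

LINE = re.compile(r"^(\d+) (\S+ \S+) \w+ negotiate (.*)$")
STEP = re.compile(r"Initiator: (?:sent|parsed) (\S+) (main|quick) mode message #\d+ \((\w+)\)")
NOTIFY = re.compile(r"Received error notification from peer: (\S+)")

# Hypothetical hint table, worded from the replies in this thread.
HINTS = {
    ("phase2", "INVALID_ID_INFORMATION"):
        "Peer rejected the quick mode IDs: compare the Phase 2 Quick Mode "
        "Selector networks with the peer's encryption domain.",
}

def triage(log_text):
    """Return (phase, notify, peer) for the first peer error, or None."""
    rows = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
            # Same-second entries: the higher entry number is the older one.
            rows.append((ts, -int(m.group(1)), m.group(3)))
    phase1_done, last_mode, peer = False, None, None
    for _, _, msg in sorted(rows):  # replay oldest first
        step = STEP.search(msg)
        note = NOTIFY.search(msg)
        if step:
            peer, last_mode, status = step.groups()
            phase1_done = phase1_done or (last_mode == "main" and status == "DONE")
        elif note:
            # An error after main mode finished and quick mode began is Phase 2.
            phase = "phase2" if phase1_done and last_mode == "quick" else "phase1"
            return phase, note.group(1), peer
    return None

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result, "->", HINTS.get(result[:2], "no hint for this combination"))
```

On the log from the first post this reports a Phase 2 failure: main mode completed and the notification arrived one second after quick mode message #1, which is why the replies focus on the Quick Mode Selector and the peer's encryption domain rather than on Phase 1 settings.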