Not applicable

Received error notification from peer: INVALID_ID_INFORMATION

Hi,

I am using Fortigate-200A 3.00,build0319,060724, trying to establish a site to site VPN to UK. I created the IPSEC Phase 1 and Phase 2, fw address and policy. The tunnel was created according to the information given by UK; please see the log access below.

1 2007-01-09 21:21:32 error negotiate Received error notification from peer: INVALID_ID_INFORMATION
2 2007-01-09 21:21:31 notice negotiate Initiator: sent 194.36.55.1 quick mode message #1 (OK)
3 2007-01-09 21:19:32 notice negotiate Initiator: parsed 194.36.55.1 main mode message #3 (DONE)
4 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.36.55.1 main mode message #3 (OK)
5 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.36.55.1 main mode message #2 (OK)
6 2007-01-09 21:19:31 notice negotiate Initiator: sent 194.36.55.1 main mode message #1 (OK)

Please advise me what could have gone wrong.

P.S. - we have some countries, such as Australia, connected to the UK network using the same network information given, which means their VPN server in UK is ready.

Thanks
Felix
rwpatterson
Valued Contributor III

Shoot a ticket over to Fortinet support. Make sure you have the PIX firmware version as well as the Fortigate IOS version. There may be an incompatibility between the two.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

Hi,

I have created a ticket with Fortinet support. They have suggested to include the fortigate IP which I have given to UK (for authentication) in the Phase 1 local ID, but the problem continues.....

So far, I have tried to:

- include the IP in the local ID
- remove the PFS and DHG in Phase 2
- disable the replay detection in phase 2
- include the source address, destination address in quick mode selector
- 0 value in source and destination port in quick mode selector

Not sure what else we can try... I will try to buzz them again.

Thanks
Felix
rwpatterson
Valued Contributor III

I'm assuming you're doing the same thing on both ends... They need to match exactly before any information can be exchanged for authentication.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

red_adair
New Contributor III

"invalid_id_information" very likely means that the "Quick mode selectors" are not compatible (Phase2 - advanced). This should specify the src/dst networks, as specified the opposite way on the other side.

These are your friends:

#diag debug ena
#diag debug app ike 3

Be advised that PIX will create a separate SA for each connected subnet!

-R.
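The check described in red_adair's reply, as an added example that is not part of the original thread: it classifies a log excerpt in the layout from the first post and lists phase 2 selector pairs that have no mirrored entry on the peer. The addresses, selector lists and function names are constructed for illustration, and treating only an exact mirror as a match is an assumption.

```python
import ipaddress
import re

# Constructed sample in the log layout from the first post (peer is a documentation address).
SAMPLE_LOG = """\
1 2007-01-09 21:21:32 error negotiate Received error notification from peer: INVALID_ID_INFORMATION
2 2007-01-09 21:21:31 notice negotiate Initiator: sent 192.0.2.1 quick mode message #1 (OK)
3 2007-01-09 21:19:32 notice negotiate Initiator: parsed 192.0.2.1 main mode message #3 (DONE)
"""

def triage(log_text):
    """Classify where the negotiation stopped, from a log excerpt."""
    phase1_done = re.search(r"main mode message #3 \(DONE\)", log_text) is not None
    quick_sent = "quick mode message #1" in log_text
    rejected = "INVALID_ID_INFORMATION" in log_text
    if phase1_done and quick_sent and rejected:
        # Phase 1 completed, so the rejection concerns the phase 2 proposal.
        return "phase2-selector-rejected"
    if not phase1_done:
        return "phase1-incomplete"
    return "no-selector-error"

def net(cidr):
    # strict=True rejects entries with host bits set, e.g. 10.1.0.5/24.
    return ipaddress.ip_network(cidr, strict=True)

def unmatched_selectors(local, remote):
    """Return local (src, dst) pairs with no exact mirror (dst, src) on the peer.

    Assumption: each pair is one phase 2 SA, and a peer that builds one SA per
    subnet needs one exactly mirrored pair per subnet, not a covering supernet.
    """
    peer = {(net(s), net(d)) for s, d in remote}
    return [(s, d) for s, d in local if (net(d), net(s)) not in peer]

# Hypothetical selectors: the local side proposes a /16, the peer defines two /24 entries.
LOCAL = [("10.1.0.0/24", "10.2.0.0/16")]
REMOTE = [("10.2.1.0/24", "10.1.0.0/24"), ("10.2.2.0/24", "10.1.0.0/24")]
FIXED = [("10.1.0.0/24", "10.2.1.0/24"), ("10.1.0.0/24", "10.2.2.0/24")]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(unmatched_selectors(LOCAL, REMOTE))
    print(unmatched_selectors(FIXED, REMOTE))
```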