Hello,
I have configured an IPsec tunnel with IKE v.2 and while troubleshooting the IKE, I'm receiving an unexpected authentication error:
ike 0:Trafix_Primary:250162: sent IKE msg (AUTH): x.x.x.x:500->y.y.y.y:500, len=240, id=ad648cb05124d8e0/5f1eee772599fd55:00000001 ike 0: comes y.y.y.y:500->x.x.x.x:500,ifindex=5.... ike 0: IKEv2 exchange=AUTH_RESPONSE id=ad648cb05124d8e0/5f1eee772599fd55:00000001 len=80 ike 0:Trafix_Primary:250162: initiator received AUTH msg ike 0:Trafix_Primary:250162: received notify type AUTHENTICATION_FAILED
The problem is that I haven't configured any AUTH in the phase 1 interface:
edit "Ph1" set interface "wan1" set ike-version 2 set peertype any set net-device disable set proposal aes256-sha256 set dhgrp 2 set remote-gw y.y.y.y set psksecret .... next
Does anybody know where is this failing authentication coming from and how can I resolve the issue? I'm running 6.2.
Thanks
You're using PSK for AUTH. Likely the PSK is not matching on the other end and it's replying a NOTIFY message with "AUTHENTICATION_FAILED".
This was the problem indeed. I was confused, because I was used in IKE v. 1 debugging, where the PSK mismatch looks different.
Thanks!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.