Hello team,
this is the scenario:
Both IPsec peers have public IPs, so I left NAT-T disabled and enabled DPD (peer detection) on demand on both firewalls.
For authentication I set PSK, IKEv1 main mode (ID protection), on both firewalls.
For the Phase 1 proposal I configured AES256-SHA1 with DH groups 21 and 2 on both firewalls.
After that I configured the relevant policies and a static route on both firewalls.
The problem is that Phase 1 does not come up. Running some debugging, I see this in the logs:
I also ran a packet capture and I see traffic on port 500 on both firewalls:
Thanks in advance for the support
BR
Hi Luca
I mean your issue may occur if the remote peer IP (FG-B) conflicts with an IP set on the local FortiGate (FG-A).
Try checking on FG-A; maybe you have a VIP or IP pool that contains the remote peer IP. In that case, during negotiation, packets are sent to the local FG instead of FG-B.
Hi Luca
Check on your local FG whether the remote peer IP is set on some interface, or as a VIP or IP pool.
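The check suggested in the two replies above (does the remote gateway address collide with an interface IP, a VIP external IP, or an IP pool range on the local FortiGate?) can be automated against the text of a `show` config dump. The script below is an added example, not code from the thread or from Fortinet: it parses a constructed FortiGate-style config sample (addresses from the documentation ranges, `PLACEHOLDER` for the PSK) whose phase1-interface entry mirrors the settings in the original post, and reports which local objects each tunnel's `remote-gw` falls into. Nested sub-tables inside an `edit` block are deliberately ignored.

```python
"""Flag IPsec remote-gw addresses that collide with addresses the local FortiGate owns."""
import ipaddress

# Constructed sample of FortiGate CLI "show" output (not from the thread).
# The VIP extip deliberately equals the tunnel's remote-gw to reproduce the
# conflict described in the replies.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
    next
    edit "port2"
        set ip 198.51.100.1 255.255.255.0
    next
end
config firewall vip
    edit "web-dnat"
        set extip 203.0.113.20
        set mappedip "10.0.0.20"
    next
end
config firewall ippool
    edit "snat-pool"
        set startip 198.51.100.50
        set endip 198.51.100.60
    next
end
config vpn ipsec phase1-interface
    edit "to-FG-B"
        set interface "wan1"
        set ike-version 1
        set mode main
        set proposal aes256-sha1
        set dhgrp 21 2
        set nattraversal disable
        set dpd on-demand
        set remote-gw 203.0.113.20
        set psksecret PLACEHOLDER
    next
end
"""


def parse_config(text):
    """Return {section: {entry_name: {key: value}}} for top-level tables only."""
    sections = {}
    stack = []  # one [section_name, current_entry] per open "config" block
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append([line[len("config "):], None])
            if len(stack) == 1:
                sections.setdefault(stack[0][0], {})
        elif line.startswith("edit ") and stack:
            stack[-1][1] = line[len("edit "):].strip().strip('"')
            if len(stack) == 1:
                sections[stack[0][0]][stack[0][1]] = {}
        elif line.startswith("set ") and len(stack) == 1 and stack[0][1] is not None:
            key, _, value = line[len("set "):].partition(" ")
            sections[stack[0][0]][stack[0][1]][key] = value.strip().strip('"')
        elif line == "next" and stack:
            stack[-1][1] = None
        elif line == "end" and stack:
            stack.pop()
    return sections


def _range(spec):
    """Turn 'a.b.c.d' or 'a.b.c.d-e.f.g.h' into an inclusive (lo, hi) pair."""
    lo, _, hi = spec.partition("-")
    return ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)


def local_address_ranges(sections):
    """List (description, (lo, hi)) for every address or range the local unit owns."""
    ranges = []
    for name, a in sections.get("system interface", {}).items():
        if "ip" in a:  # "set ip <addr> <mask>": only the address itself is a conflict
            ranges.append((f"interface {name}", _range(a["ip"].split()[0])))
    for name, a in sections.get("firewall vip", {}).items():
        if "extip" in a:  # extip may be a single address or a range
            ranges.append((f"VIP {name} extip", _range(a["extip"])))
    for name, a in sections.get("firewall ippool", {}).items():
        if "startip" in a and "endip" in a:
            lo, hi = ipaddress.ip_address(a["startip"]), ipaddress.ip_address(a["endip"])
            ranges.append((f"IP pool {name}", (lo, hi)))
    return ranges


def find_conflicts(config_text, peer_ip):
    """Return descriptions of local objects that contain peer_ip (empty list if none)."""
    peer = ipaddress.ip_address(peer_ip)
    return [desc for desc, (lo, hi) in local_address_ranges(parse_config(config_text))
            if lo.version == peer.version and lo <= peer <= hi]


def check_all_tunnels(config_text):
    """Map each phase1-interface name to the local objects its remote-gw collides with."""
    tunnels = parse_config(config_text).get("vpn ipsec phase1-interface", {})
    return {name: find_conflicts(config_text, a["remote-gw"])
            for name, a in tunnels.items() if "remote-gw" in a}


if __name__ == "__main__":
    for tunnel, hits in check_all_tunnels(SAMPLE_CONFIG).items():
        status = "CONFLICT with " + ", ".join(hits) if hits else "no local conflict"
        print(f"{tunnel}: {status}")
```

Run it against your own `show` output by replacing `SAMPLE_CONFIG` with the dump; a non-empty list for a tunnel means IKE packets for that peer can be answered locally instead of leaving toward the real FG-B, which is exactly the symptom of Phase 1 never completing while port 500 traffic is still visible in a capture.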
Copyright 2024 Fortinet, Inc. All Rights Reserved.