VPN IPsec does not come up: troubleshooting

Alby23 · ‎11-24-2016

Hi all,

I'm trying to set up a VPN IPsec with an Endian Firewall but I'm not able to.

This is the output of the "diagnose debug application ike -1" on the FortiGate.

X.Y.W.Z is the IP of the FortiGate

A.B.C.D is the IP of the Endian Firewall.

ike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: using existing connection ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: request is on the queue ike 0:EndianFirewall:105: out 8D3DFB1F76D01C1800000000000000000110020000000000000000A40D000034000000010000000100000028010100010000002001010000800B0001800C0E10800100058003000180020002800400050D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00051B3D ike 0:EndianFirewall:105: sent IKE msg (P1_RETRANSMIT): X.Y.W.Z:500->A.B.C.D:500, len=164, id=8d3dfb1f76d01c18/0000000000000000 ike 0: comes A.B.C.D:500->X.Y.W.Z:500,ifindex=4.... ike 0: IKEv1 exchange=Informational id=8d3dfb1f76d01c18/77de3dce2b03d154:076fb303 len=40 ike 0: in 8D3DFB1F76D01C1877DE3DCE2B03D1540B100500076FB303000000280000000C000000010100000E ike 0:EndianFirewall:105: ignoring unsupported INFORMATIONAL message 0. ike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: using existing connection ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: request is on the queue ike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: using existing connection ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: request is on the queue ike shrank heap by 126976 bytes ike 0:EndianFirewall:105: negotiation timeout, deleting ike 0:EndianFirewall: connection expiring due to phase1 down ike 0:EndianFirewall: deleting ike 0:EndianFirewall: flushing ike 0:EndianFirewall: flushed ike 0:EndianFirewall: deleted ike 0:EndianFirewall: schedule auto-negotiate ike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: created connection: 0x1e2cd90 4 X.Y.W.Z->A.B.C.D:500. ike 0:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:500 negotiating ike 0:EndianFirewall: no suitable ISAKMP SA, queuing quick-mode request and initiating ISAKMP SA negotiation ike 0:EndianFirewall:106: initiator: main mode is sending 1st message... ike 0:EndianFirewall:106: cookie 01ecc9defc80e54d/0000000000000000 ike 0:EndianFirewall:106: out 01ECC9DEFC80E54D00000000000000000110020000000000000000A40D000034000000010000000100000028010100010000002001010000800B0001800C0E10800100058003000180020002800400050D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00051B3D ike 0:EndianFirewall:106: sent IKE msg (ident_i1send): X.Y.W.Z:500->A.B.C.D:500, len=164, id=01ecc9defc80e54d/0000000000000000 ike 0: comes A.B.C.D:500->X.Y.W.Z:500,ifindex=4.... ike 0: IKEv1 exchange=Informational id=01ecc9defc80e54d/7e49c14fc5c14c18:fc64b713 len=40 ike 0: in 01ECC9DEFC80E54D7E49C14FC5C14C180B100500FC64B713000000280000000C000000010100000E ike 0:EndianFirewall:106: ignoring unsupported INFORMATIONAL message 0. didedisike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: using existing connection ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: request is on the queue ike 0:EndianFirewall:106: out 01ECC9DEFC80E54D00000000000000000110020000000000000000A40D000034000000010000000100000028010100010000002001010000800B0001800C0E10800100058003000180020002800400050D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00051B3D ike 0:EndianFirewall:106: sent IKE msg (P1_RETRANSMIT): X.Y.W.Z:500->A.B.C.D:500, len=164, id=01ecc9defc80e54d/0000000000000000 ike 0: comes A.B.C.D:500->X.Y.W.Z:500,ifindex=4.... ike 0: IKEv1 exchange=Informational id=01ecc9defc80e54d/d73ae856f45d83c5:da5cbed0 len=40 ike 0: in 01ECC9DEFC80E54DD73AE856F45D83C50B100500DA5CBED0000000280000000C000000010100000E ike 0:EndianFirewall:106: ignoring unsupported INFORMATIONAL message 0.

ede_pfau · ‎11-24-2016

One of the parameters in phase1 do not match. Could you please post the phase1-interface, phase2-interface config from CLI, and what you've configured on the remote firewall?

Ede Kernel panic: Aiee, killing interrupt handler!

VPN IPsec does not come up: troubleshooting

Nominate a Forum Post for Knowledge Article Creation