Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Pahlevi29
New Contributor

VPN Not Up, GUI Log indicates mismatch PSK, CLI marks OK PSK

hello guys,

 

I'm new to Fortinet products, i wanted to ask a few question,

 

so i was setting up a Site-to-Site IPsec VPN between 2 Fortigate 60E(s), i'm creating this VPN connection through wizard, after i've configured the VPN, i tried to bring up the VPN from monitor -> IPsec, but the VPN is not up. When i opened the debug logs, it said that there's a "Probable Pre-shared Mismatch", after i changed it, it keeps showing th mismatch error, i've changed the PSK for 3 times, but on the third try, the GUI VPN Logs shows that there's still a "probable Pre-shared Mismatch". but when i saw from the CLI Debug Logs, it said that the Pre Shared key authentication is OK, and the SA IKE is OK too.

 

Can anyone help me with this problem, please? 

 

there's my CLI log attached 

1 REPLY 1
Toshi_Esumi
SuperUser
SuperUser

The second part of the log is showing the other side (y.y.y.y) is initiating the negotiation and this side (x.x.x.x) is accepting phase1 and phse2 selector. So problem seems to be on y.y.y.y side somehow dropping it when the phase2 acceptance packet arrived or doesn't see it. 

Then the first part is showing when x.x.x.x side is trying to initiate the tunnel but couldn't get reply from y.y.y.y side after sending phase2 selector. And eventually times out.

 

Do the same debugging on y.y.y.y side if you don't see any config issue on that side.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors