hello guys,
I'm new to Fortinet products, i wanted to ask a few question,
so i was setting up a Site-to-Site IPsec VPN between 2 Fortigate 60E(s), i'm creating this VPN connection through wizard, after i've configured the VPN, i tried to bring up the VPN from monitor -> IPsec, but the VPN is not up. When i opened the debug logs, it said that there's a "Probable Pre-shared Mismatch", after i changed it, it keeps showing th mismatch error, i've changed the PSK for 3 times, but on the third try, the GUI VPN Logs shows that there's still a "probable Pre-shared Mismatch". but when i saw from the CLI Debug Logs, it said that the Pre Shared key authentication is OK, and the SA IKE is OK too.
Can anyone help me with this problem, please?
there's my CLI log attached
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The second part of the log is showing the other side (y.y.y.y) is initiating the negotiation and this side (x.x.x.x) is accepting phase1 and phse2 selector. So problem seems to be on y.y.y.y side somehow dropping it when the phase2 acceptance packet arrived or doesn't see it.
Then the first part is showing when x.x.x.x side is trying to initiate the tunnel but couldn't get reply from y.y.y.y side after sending phase2 selector. And eventually times out.
Do the same debugging on y.y.y.y side if you don't see any config issue on that side.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.