Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JoeBucar
New Contributor

Created on ‎03-20-2015 07:03 AM

VPN Phase 1 issue

Hello,

We are trying to replace a 60B with a 60D.  It appears that I am having a VPN issue.  I have several VPN's and 6 of 8 are working.  The most important VPN is not working.  When I test the VPN it fails and the error in the fortigate log is PHase 1.  I then did some reading on the CLI to execute debug and read that log and I expected to see a pre-shared key mismatch but I did not get one. Enclosed is the CLI log.  It talks about a PAYLOAD-MALFORMED message. I could use some help.

 

Thanks,

Joe

Preview file
5 KB
4150
0 Kudos
3 REPLIES 3
Shawn_W
Contributor

Created on ‎03-25-2015 06:50 AM

bump

1508
0 Kudos
Christopher_McMullan
Staff
Staff

Created on ‎03-25-2015 07:03 AM

From the debug:

ike 0:WAN2-UHCCAREA-Tunnel: created connection: 0x2492600 6 440.87.22.144->330.9.144.10:500.

 

Did you hide the first octet, or is the output as received?

 

440.x.x.x and 330.x.x.x are not valid IPs.

Regards, Chris McMullan Fortinet Ottawa

1517
0 Kudos
JoeBucar
New Contributor
In response to Christopher_McMullan

Created on ‎03-25-2015 07:13 AM

Hello,

I did change the IP addresses in the attachment.  I called support and he took the config file from the 60b and copied and pasted the pre-shared key into the 60d and the tunnel came up.  I then contacted the client again and the PSK we had on record was not the same that they had.  So the lesson is verify your PSK.

 

Thank You,

 

Joe 

 

1516
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.