Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tistopher
New Contributor

Created on ‎11-16-2020 04:10 AM

VPN's Will not come up. Looked through all settings FortiGate > Draytek Vigor

Hello Guys,

 

Hopefully someone can help!, I have tried NAT-T on and off doesn't do any joy. DPD is disabled. See below config of VPN on FortiGate side, the PSK is definately correct I've reset it loads of times. Basically I just se "sent IKE msg (P1_RETRANSMIT) all the time then the tunnel deletes the connection and resets and goes again. At first I though this might be an issue since both sides do not have static IP's (Only DDNS) - however I tried just to put the IP in that each side currently has and the same issue happens:

 

Config Below:

config vpn ipsec phase1-interface

    edit "VPN-House"         set type ddns         set interface "wan1"         set peertype any         set net-device disable         set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1         set dpd disable         set dhgrp 2         set remotegw-ddns "someonesDDNS.org"         set psksecret ENC fc2ZqgrLrWOa/CsEj1iW77PkPWytlmFMwe7eJD719tHfrVfyOZmtXQaQkPkh8u1Cc0R5pEciDmlNFCj4pLnRVwHe/JrHjvkcqIkJv2dmGBtE+fw/vtYDhFqWQ/OdOGPME+1WA4hfai8nUIuupQZPpQ2cZsY1DFdoYrPUP7EMy7Uu8ZKNvtykvfUN/1TbHE3Pty2vUA==     next

config vpn ipsec phase2-interface

    edit "VPN-House"         set phase1name "VPN-House"         set proposal aes128-sha1 aes128-md5         set pfs disable         set replay disable         set keylifeseconds 3600         set src-subnet 172.16.10.0 255.255.255.0         set dst-subnet 172.16.32.0 255.255.255.0     next

 

Debugging Below:

ike 0:VPN-House reset tunnel remote gw X.X.X.X ike 0:VPN-House: schedule auto-negotiate ike 0:VPN-House: deleted ike 0:VPN-House: set oper down ike 0: cache rebuild start ike 0:VPN-House: sending DNS request for remote peer someonesDDNS.org ike 0: send IPv4 DNS query : someonesDDNS.org ike 0:User-VPN: cached as dynamic ike 0: cache rebuild done ike 0:VPN-House: remote IPv4 DDNS gateway is empty, retry to resolve it ike 0:VPN-House: remote IPv4 DDNS gateway is empty, retry to resolve it ike 0:VPN-House: remote IPv4 DDNS gateway is empty, retry to resolve it ike 0:VPN-House: sending DNS request for remote peer someonesDDNS.org ike 0: send IPv4 DNS query : someonesDDNS.org ike 0:VPN-House: remote IPv4 DDNS gateway is empty, retry to resolve it ike 0:VPN-House: remote IPv4 DDNS gateway is empty, retry to resolve it ike 0:VPN-House: sending DNS request for remote peer someonesDDNS.org ike 0: send IPv4 DNS query : someonesDDNS.org ike 0:VPN-House: remote IPv4 DDNS gateway is empty, retry to resolve it ike 0: DNS response received for remote gateway someonesDDNS.org ike 0: DNS someonesDDNS.org -> X.X.X.X ike 0:VPN-House: remote IPv4 DDNS gateway is empty, retry to resolve it ike 0:VPN-House: sending DNS request for remote peer someonesDDNS.org ike 0: send IPv4 DNS query : someonesDDNS.org ike 0: DNS response received for remote gateway someonesDDNS.org ike 0: DNS someonesDDNS.org -> X.X.X.X ike 0:VPN-House: 'someonesDDNS.org' resolved to X.X.X.X ike 0:VPN-House: set remote-gw X.X.X.X ike 0: cache rebuild start ike 0:VPN-House: local:X.X.X.X, remote:X.X.X.X ike 0:VPN-House: cached as static-ddns. ike 0:User-VPN: cached as dynamic ike 0: cache rebuild done ike 0:VPN-House: auto-negotiate connection ike 0:VPN-House: created connection: 0x57ff2a8 6 X.X.X.X->X.X.X.X:500. ike 0:VPN-House:126: initiator: main mode is sending 1st message... ike 0:VPN-House:126: cookie 314993691d73b8a8/0000000000000000 ike 0:VPN-House:126: out 314993691D73B8A8000000000000000001100200000000000000019C0D0000B40000000100000001000000A8010100040300002801010000800B0001000C00040001518080010007800E00808003000180020004800400020300002802010000800B0001000C00040001518080010007800E01008003000180020004800400020300002803010000800B0001000C00040001518080010007800E00808003000180020002800400020000002804010000800B0001000C00040001518080010007800E01008003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000 ike 0:VPN-House:126: sent IKE msg (ident_i1send): X.X.X.X:500->X.X.X.X:500, len=412, id=314993691d73b8a8/0000000000000000 ike 0:VPN-House:126: out 314993691D73B8A8000000000000000001100200000000000000019C0D0000B40000000100000001000000A8010100040300002801010000800B0001000C00040001518080010007800E00808003000180020004800400020300002802010000800B0001000C00040001518080010007800E01008003000180020004800400020300002803010000800B0001000C00040001518080010007800E00808003000180020002800400020000002804010000800B0001000C00040001518080010007800E01008003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000 ike 0:VPN-House:126: sent IKE msg (P1_RETRANSMIT): X.X.X.X:500->X.X.X.X:500, len=412, id=314993691d73b8a8/0000000000000000 ike 0:VPN-House:126: out 314993691D73B8A8000000000000000001100200000000000000019C0D0000B40000000100000001000000A8010100040300002801010000800B0001000C00040001518080010007800E00808003000180020004800400020300002802010000800B0001000C00040001518080010007800E01008003000180020004800400020300002803010000800B0001000C00040001518080010007800E00808003000180020002800400020000002804010000800B0001000C00040001518080010007800E01008003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000 ike 0:VPN-House:126: sent IKE msg (P1_RETRANSMIT): X.X.X.X:500->X.X.X.X:500, len=412, id=314993691d73b8a8/0000000000000000 ike 0:VPN-House:126: out 314993691D73B8A8000000000000000001100200000000000000019C0D0000B40000000100000001000000A8010100040300002801010000800B0001000C00040001518080010007800E00808003000180020004800400020300002802010000800B0001000C00040001518080010007800E01008003000180020004800400020300002803010000800B0001000C00040001518080010007800E00808003000180020002800400020000002804010000800B0001000C00040001518080010007800E01008003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000 ike 0:VPN-House:126: sent IKE msg (P1_RETRANSMIT): X.X.X.X:500->X.X.X.X:500, len=412, id=314993691d73b8a8/0000000000000000 ike 0:VPN-House:126: negotiation timeout, deleting ike 0:VPN-House: connection expiring due to phase1 down ike 0:VPN-House: deleting ike 0:VPN-House reset tunnel remote gw X.X.X.X ike 0:VPN-House: schedule auto-negotiate ike 0:VPN-House: deleted ike 0:VPN-House: set oper down ike 0: cache rebuild start ike 0:VPN-House: sending DNS request for remote peer someonesDDNS.org ike 0: send IPv4 DNS query : someonesDDNS.org ike 0:User-VPN: cached as dynamic ike 0: cache rebuild done ike 0:VPN-House: remote IPv4 DDNS gateway is empty, retry to resolve it ike 0: DNS response received for remote gateway someonesDDNS.org ike 0: DNS someonesDDNS.org -> X.X.X.X ike 0:VPN-House: remote IPv4 DDNS gateway is empty, retry to resolve it ike 0:VPN-House: 'someonesDDNS.org' resolved to X.X.X.X ike 0:VPN-House: set remote-gw X.X.X.X ike 0: cache rebuild start ike 0:VPN-House: local:X.X.X.X, remote:X.X.X.X ike 0:VPN-House: cached as static-ddns. ike 0:User-VPN: cached as dynamic ike 0: cache rebuild done ike 0:VPN-House: auto-negotiate connection ike 0:VPN-House: created connection: 0x57ff2a8 6 X.X.X.X->X.X.X.X:500. ike 0:VPN-House:127: initiator: main mode is sending 1st message... ike 0:VPN-House:127: cookie 352ad45f8151c5d0/0000000000000000 ike 0:VPN-House:127: out 352AD45F8151C5D0000000000000000001100200000000000000019C0D0000B40000000100000001000000A8010100040300002801010000800B0001000C00040001518080010007800E00808003000180020004800400020300002802010000800B0001000C00040001518080010007800E01008003000180020004800400020300002803010000800B0001000C00040001518080010007800E00808003000180020002800400020000002804010000800B0001000C00040001518080010007800E01008003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000 ike 0:VPN-House:127: sent IKE msg (ident_i1send): X.X.X.X:500->X.X.X.X:500, len=412, id=352ad45f8151c5d0/0000000000000000 Home-FortiWiFi # diike 0:VPN-House:127: out 352AD45F8151C5D0000000000000000001100200000000000000019C0D0000B40000000100000001000000A8010100040300002801010000800B0001000C00040001518080010007800E00808003000180020004800400020300002802010000800B0001000C00040001518080010007800E01008003000180020004800400020300002803010000800B0001000C00040001518080010007800E00808003000180020002800400020000002804010000800B0001000C00040001518080010007800E01008003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00000000

 

Thanks,

Chris

 

8628
0 Kudos
10 REPLIES 10
Tistopher
New Contributor
In response to ede_pfau

Created on ‎11-16-2020 07:25 AM

Hello Ede,

 

I don't think it's switching it, I should have probably put x.x.x.x:500>y.y.y.y:500 that's the IKE port from my public IP to the other end.

Cheers,

Chris

881
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.