Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ilyas_mir
New Contributor

connection expiring due to phase1 down Site-to-Site

hi there. i have a problem with fortigate IPSEC actually i'm not using the fortigate products thats why im posted my problem.

 

So...

 

i have 2 tunnels VPN between

  

fortigate and zywall - successful installed no problem but between cisco and fortigate c300 i have the error message from VPN LOGs (scn attached below) i dont now what it is mean. i asked from google whats going on whats the problem...? ok this's my [style="background-color: #ff9900;"]diag debug[style="background-color: #ffffff;"]   from ssh[/style][/style]

 

 

DYU-T1-FF-MIT-FW-01 $ ike 0:IPSEC_AMADEUS: auto-negotiate connection ike 0:IPSEC_AMADEUS: created connection: 0xa5230e8 2 10.10.10.1->10.10.10.2:500. ike 0:IPSEC_AMADEUS:IPSEC_AMADEUS: chosen to populate IKE_SA traffic-selectors ike 0:IPSEC_AMADEUS: no suitable IKE_SA, queuing CHILD_SA request and initiating IKE_SA negotiation ike 0:IPSEC_AMADEUS:702734: out 354748B3240D3BDD00000000000000002120220800000000000000EC220000300000002C010100040300000C0100000C800E01000300000802000007030000080300000E00000008040000152800008C0015000000513BEDC13A1C605504A645F6AFCE19B0729F508263B8C5E1D692DBB37DCC347ADDFE0927E683766B175C2F8F14D048AF3719F63C952E21C3C2268F5ABF67EB189D01F77BE99FF14408E73C9A85C0529825E6FC309305A633C8575F02113B8911A8BDB6F345989D235B1D6B1A43F0C89C7EF265BCAC6DDC5A866952FEEB33DD3BA2F59F0000001477EBCD7B8A1CC2BA97F88912856038AD ike 0:IPSEC_AMADEUS:702734: sent IKE msg (SA_INIT): 10.10.10.1->10.10.10.2:500, len=236, id=354748b3240d3bdd/0000000000000000 ike 0: comes 10.10.10.1->10.10.10.2:500,ifindex=2.... ike 0: IKEv2 exchange=SA_INIT_RESPONSE id=354748b3240d3bdd/86c7b0e3733f722d len=405 ike 0: in 354748B3240D3BDD86C7B0E3733F722D212022200000000000000195220000300000002C010100040300000C0100000C800E01000300000802000007030000080300000E00000008040000152800008C0015000001AFFB3D929DA70A43866698F8966510922D9EB5E7FB4DF74FBF0BD8B8A85D7F113B4E10375668EB950B824A3EFC94D27FD93AAE5FE02E172A0FCBFC12C84CE3DB7201451B7FA9C72EC23DF9AC911D3B17601BAD0A9497E51E89BC19AF65FB74A5CFAE4757B61530621AE18D90D89A5AFB242F6D48E14283C151D4ADC068D4D01ED72D5C2B000044CD10FD89438A363CE61F485AF3B20FB88E172620584D856C1F7123D9411ECE9F3375510A022730C0DCB657B7EE8AAFDD3EB7904B150E0E6608CE0446C087089A2B000017434953434F2D44454C4554452D524541534F4E2B00003B434953434F28434F505952494748542926436F7079726967687420286329203230303920436973636F2053797374656D732C20496E632E2B000013434953434F2D4752452D4D4F444502000000144048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:IPSEC_AMADEUS:702734: initiator received SA_INIT response ike 0:IPSEC_AMADEUS:702734: incoming proposal: ike 0:IPSEC_AMADEUS:702734: proposal id = 1: ike 0:IPSEC_AMADEUS:702734: protocol = IKEv2: ike 0:IPSEC_AMADEUS:702734: encapsulation = IKEv2/none ike 0:IPSEC_AMADEUS:702734: type=ENCR, val=AES_CBC (key_len = 256) ike 0:IPSEC_AMADEUS:702734: type=INTEGR, val=AUTH_HMAC_SHA2_512_256 ike 0:IPSEC_AMADEUS:702734: type=PRF, val=PRF_HMAC_SHA2_512 ike 0:IPSEC_AMADEUS:702734: type=DH_GROUP, val=ECP521. ike 0:IPSEC_AMADEUS:702734: matched proposal id 1 ike 0:IPSEC_AMADEUS:702734: proposal id = 1: ike 0:IPSEC_AMADEUS:702734: protocol = IKEv2: ike 0:IPSEC_AMADEUS:702734: encapsulation = IKEv2/none ike 0:IPSEC_AMADEUS:702734: type=ENCR, val=AES_CBC (key_len = 256) ike 0:IPSEC_AMADEUS:702734: type=INTEGR, val=AUTH_HMAC_SHA2_512_256 ike 0:IPSEC_AMADEUS:702734: type=PRF, val=PRF_HMAC_SHA2_512 ike 0:IPSEC_AMADEUS:702734: type=DH_GROUP, val=ECP521. ike 0:IPSEC_AMADEUS:702734: lifetime=86400 ike 0:IPSEC_AMADEUS:702734: IKE SA 354748b3240d3bdd/86c7b0e3733f722d SK_ei 32:EDFAFCCC6E41616A64568D5AD4D537E7EE84D3498DDF189B7D74B8EBC203785B ike 0:IPSEC_AMADEUS:702734: IKE SA 354748b3240d3bdd/86c7b0e3733f722d SK_er 32:82A2688D8CC64C80A7FACAED2A1DFD6A26F2AF7BCC3F4BD79F810A9BBD136108 ike 0:IPSEC_AMADEUS:702734: IKE SA 354748b3240d3bdd/86c7b0e3733f722d SK_ai 64:1160304CDBD5A43DD648FBA98AE5FEC16F199D28E79246AF34E94697DC49EF59A7FA647BA2D098D543E8EED618A0B6304AF49282A7A0FA945C881C2111AADB7B ike 0:IPSEC_AMADEUS:702734: IKE SA 354748b3240d3bdd/86c7b0e3733f722d SK_ar 64:5833C49F18FDE89EDDC3E02FFE9BA868D719F1B88FADC7109DE4A7EC863A8C31F652AF757CA61844B53610576A3A9EB49CA8A4E38722EB8250F2DEE25A0923E6 ike 0:IPSEC_AMADEUS:702734: initiator preparing AUTH msg ike 0:IPSEC_AMADEUS:702734: sending INITIAL-CONTACT ike 0:IPSEC_AMADEUS:702734: enc 2900000C010000005BDAA3AC270000080000400029000048020000002EF1B55DAEA59AABB9C99158EB48611D24038804010EA0A4B0BC03E36440655A57BF1CB18B24F56C22C4DA27186FF31625EA184D27FF785628C5825C4B446EE621000008000040242C00002C0000002801030403286AD0E30300000C0100000C800E0100030000080300000E00000008050000002D00001801000000070000100000FFFF00000000FFFFFFFF000000A80A000000070000100000FFFFAB1124BFAB1124BF070000100000FFFFAB1126BFAB1126BF070000100000FFFFAB112602AB112602070000100000FFFFC29CAACFC29CAACF070000100000FFFFC24CA621C24CA621070000100000FFFFAB1125BFAB1125BF070000100000FFFFAB1127BFAB1127BF070000100000FFFFAB112702AB112702070000100000FFFFC29CAAD0C29CAAD0070000100000FFFFC24CA622C24CA6220F0E0D0C0B0A0908070605040302010F ike 0:IPSEC_AMADEUS:702734: out 354748B3240D3BDD86C7B0E3733F722D2E20230800000001000001B02300019421CD20EB5E9C4BAF8D3555A3DED9720C5F5E17FF617748C8B5414BF9CC1C5A6FDCB25CC7335074D4A28E46D083EA12107E39C439FD297D5176D2451AFDCF65648076658EC16C0BE816196DBBCAC59CA8976D0A99A0A829C003879C86CAF4887E8A91060E07440988E99596E298C3651BE7FA040C4352FAF8328AF5559D37C2030CE856F10E1ACEF626C2AEDEC44E63BFC7FC166A280B6F5A4CEEA2BC707B7E83CE18B8F7D38F70DF848A48129F3D359A77AB06A0973B67B052BE7565CC6663884D99EB15F5D7356EC10FAAF27A9FD96667BE4D5F1E6FB025485A9F6D5F0C9E808C9E29B2611B5CB2BB07FDFF5294E9DBE3EBEB5B92D882D932F0D7AD14FFC7B569E96D4D06D5E423DD849B0B45602F327D6CF087572F70EB050ECADB5A595F3160337B29851E8A30B8C66A8CFD9468FF990A801DA5E732CB142E6B5C284B66FF545BB9E74C7F766294A4EC6979D60E4BE1169283C3D33FD03C7FB036E405373D85096C7966604E8371D953F6F1D8B8C2B906DAE404A543BD6711263BBFA32325EA1CF0805D720EBAD9AFD8467F35CCCF ike 0:IPSEC_AMADEUS:702734: sent IKE msg (AUTH): 10.10.10.1->10.10.10.2:500, len=432, id=354748b3240d3bdd/86c7b0e3733f722d:00000001 ike 0: comes 10.10.10.1->10.10.10.2:500,ifindex=2.... ike 0: IKEv2 exchange=AUTH_RESPONSE id=354748b3240d3bdd/86c7b0e3733f722d:00000001 len=208 ike 0: in 354748B3240D3BDD86C7B0E3733F722D2E20232000000001000000D02B0000B46428EA1F9531F0A9C750F82A506BF3C64A1126113EA90D1F271015A3DDD906B9B32A14EE9D946037C4A2954A9A7F3D7E6739A80429009604FF40E16B5B2DB54D29875122ACE579038B4F5408255A45F33575BB9003E69F1F7564CEC7F7B10BCBD2C532CD9FD30703252CB3500B738282008CD1DFCDCC5D9C26D704114E69B5291CCE62B5E4FF7217A5F979D5CF26F821D893464DE1F743BB99D65C6D19C36DD5ED517E8B63701E65B69C11826EDBBA84 ike 0:IPSEC_AMADEUS:702734: dec 354748B3240D3BDD86C7B0E3733F722D2E20232000000001000000902B0000042400001484C7B1E36008816A19C952DE3FD4393E2700000C01000000AB1190CF2900004802000000B72126FEE8DB6C380AE8EEF5B675E4491B1DFF7311EAA6B72C204CFBF5465C33E593E7C8D938DC807FE8208DCA9DF0AEC76762C52965E294FD7A1745A6F3C4720000000801000026 ike 0:IPSEC_AMADEUS:702734: initiator received AUTH msg ike 0:IPSEC_AMADEUS:702734: peer identifier IPV4_ADDR 10.10.10.2 ike 0:IPSEC_AMADEUS:702734: auth verify done ike 0:IPSEC_AMADEUS:702734: initiator AUTH continuation ike 0:IPSEC_AMADEUS:702734: authentication succeeded ike 0:IPSEC_AMADEUS:702734: received notify type TS_UNACCEPTABLE ike 0:IPSEC_AMADEUS:702734: processing child notify type TS_UNACCEPTABLE ike 0:IPSEC_AMADEUS:702734: malformed message ike 0:IPSEC_AMADEUS:702734: schedule delete of IKE SA 354748b3240d3bdd/86c7b0e3733f722d ike 0:IPSEC_AMADEUS:702734: scheduled delete of IKE SA 354748b3240d3bdd/86c7b0e3733f722d ike 0:IPSEC_AMADEUS: [style="background-color: #ff0000;"]connection expiring due to phase1 down                      WHAT IS MEAN[/style] ike 0:IPSEC_AMADEUS: deleting ike 0:IPSEC_AMADEUS: flushing ike 0:IPSEC_AMADEUS: flushed ike 0:IPSEC_AMADEUS: deleted ike 0:IPSEC_AMADEUS: schedule auto-negotiate

 

 

Thanks for helping... 

10 REPLIES 10
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors