hi there. i have a problem with fortigate IPSEC actually i'm not using the fortigate products thats why im posted my problem.
So...
i have 2 tunnels VPN between
fortigate and zywall - successful installed no problem but between cisco and fortigate c300 i have the error message from VPN LOGs (scn attached below) i dont now what it is mean. i asked from google whats going on whats the problem...? ok this's my [style="background-color: #ff9900;"]diag debug[style="background-color: #ffffff;"] from ssh[/style][/style]
DYU-T1-FF-MIT-FW-01 $ ike 0:IPSEC_AMADEUS: auto-negotiate connection ike 0:IPSEC_AMADEUS: created connection: 0xa5230e8 2 10.10.10.1->10.10.10.2:500. ike 0:IPSEC_AMADEUS:IPSEC_AMADEUS: chosen to populate IKE_SA traffic-selectors ike 0:IPSEC_AMADEUS: no suitable IKE_SA, queuing CHILD_SA request and initiating IKE_SA negotiation ike 0:IPSEC_AMADEUS:702734: out 354748B3240D3BDD00000000000000002120220800000000000000EC220000300000002C010100040300000C0100000C800E01000300000802000007030000080300000E00000008040000152800008C0015000000513BEDC13A1C605504A645F6AFCE19B0729F508263B8C5E1D692DBB37DCC347ADDFE0927E683766B175C2F8F14D048AF3719F63C952E21C3C2268F5ABF67EB189D01F77BE99FF14408E73C9A85C0529825E6FC309305A633C8575F02113B8911A8BDB6F345989D235B1D6B1A43F0C89C7EF265BCAC6DDC5A866952FEEB33DD3BA2F59F0000001477EBCD7B8A1CC2BA97F88912856038AD ike 0:IPSEC_AMADEUS:702734: sent IKE msg (SA_INIT): 10.10.10.1->10.10.10.2:500, len=236, id=354748b3240d3bdd/0000000000000000 ike 0: comes 10.10.10.1->10.10.10.2:500,ifindex=2.... ike 0: IKEv2 exchange=SA_INIT_RESPONSE id=354748b3240d3bdd/86c7b0e3733f722d len=405 ike 0: in 354748B3240D3BDD86C7B0E3733F722D212022200000000000000195220000300000002C010100040300000C0100000C800E01000300000802000007030000080300000E00000008040000152800008C0015000001AFFB3D929DA70A43866698F8966510922D9EB5E7FB4DF74FBF0BD8B8A85D7F113B4E10375668EB950B824A3EFC94D27FD93AAE5FE02E172A0FCBFC12C84CE3DB7201451B7FA9C72EC23DF9AC911D3B17601BAD0A9497E51E89BC19AF65FB74A5CFAE4757B61530621AE18D90D89A5AFB242F6D48E14283C151D4ADC068D4D01ED72D5C2B000044CD10FD89438A363CE61F485AF3B20FB88E172620584D856C1F7123D9411ECE9F3375510A022730C0DCB657B7EE8AAFDD3EB7904B150E0E6608CE0446C087089A2B000017434953434F2D44454C4554452D524541534F4E2B00003B434953434F28434F505952494748542926436F7079726967687420286329203230303920436973636F2053797374656D732C20496E632E2B000013434953434F2D4752452D4D4F444502000000144048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:IPSEC_AMADEUS:702734: initiator received SA_INIT response ike 0:IPSEC_AMADEUS:702734: incoming proposal: ike 0:IPSEC_AMADEUS:702734: proposal id = 1: ike 0:IPSEC_AMADEUS:702734: protocol = IKEv2: ike 0:IPSEC_AMADEUS:702734: encapsulation = IKEv2/none ike 0:IPSEC_AMADEUS:702734: type=ENCR, val=AES_CBC (key_len = 256) ike 0:IPSEC_AMADEUS:702734: type=INTEGR, val=AUTH_HMAC_SHA2_512_256 ike 0:IPSEC_AMADEUS:702734: type=PRF, val=PRF_HMAC_SHA2_512 ike 0:IPSEC_AMADEUS:702734: type=DH_GROUP, val=ECP521. ike 0:IPSEC_AMADEUS:702734: matched proposal id 1 ike 0:IPSEC_AMADEUS:702734: proposal id = 1: ike 0:IPSEC_AMADEUS:702734: protocol = IKEv2: ike 0:IPSEC_AMADEUS:702734: encapsulation = IKEv2/none ike 0:IPSEC_AMADEUS:702734: type=ENCR, val=AES_CBC (key_len = 256) ike 0:IPSEC_AMADEUS:702734: type=INTEGR, val=AUTH_HMAC_SHA2_512_256 ike 0:IPSEC_AMADEUS:702734: type=PRF, val=PRF_HMAC_SHA2_512 ike 0:IPSEC_AMADEUS:702734: type=DH_GROUP, val=ECP521. ike 0:IPSEC_AMADEUS:702734: lifetime=86400 ike 0:IPSEC_AMADEUS:702734: IKE SA 354748b3240d3bdd/86c7b0e3733f722d SK_ei 32:EDFAFCCC6E41616A64568D5AD4D537E7EE84D3498DDF189B7D74B8EBC203785B ike 0:IPSEC_AMADEUS:702734: IKE SA 354748b3240d3bdd/86c7b0e3733f722d SK_er 32:82A2688D8CC64C80A7FACAED2A1DFD6A26F2AF7BCC3F4BD79F810A9BBD136108 ike 0:IPSEC_AMADEUS:702734: IKE SA 354748b3240d3bdd/86c7b0e3733f722d SK_ai 64:1160304CDBD5A43DD648FBA98AE5FEC16F199D28E79246AF34E94697DC49EF59A7FA647BA2D098D543E8EED618A0B6304AF49282A7A0FA945C881C2111AADB7B ike 0:IPSEC_AMADEUS:702734: IKE SA 354748b3240d3bdd/86c7b0e3733f722d SK_ar 64:5833C49F18FDE89EDDC3E02FFE9BA868D719F1B88FADC7109DE4A7EC863A8C31F652AF757CA61844B53610576A3A9EB49CA8A4E38722EB8250F2DEE25A0923E6 ike 0:IPSEC_AMADEUS:702734: initiator preparing AUTH msg ike 0:IPSEC_AMADEUS:702734: sending INITIAL-CONTACT ike 0:IPSEC_AMADEUS:702734: enc 2900000C010000005BDAA3AC270000080000400029000048020000002EF1B55DAEA59AABB9C99158EB48611D24038804010EA0A4B0BC03E36440655A57BF1CB18B24F56C22C4DA27186FF31625EA184D27FF785628C5825C4B446EE621000008000040242C00002C0000002801030403286AD0E30300000C0100000C800E0100030000080300000E00000008050000002D00001801000000070000100000FFFF00000000FFFFFFFF000000A80A000000070000100000FFFFAB1124BFAB1124BF070000100000FFFFAB1126BFAB1126BF070000100000FFFFAB112602AB112602070000100000FFFFC29CAACFC29CAACF070000100000FFFFC24CA621C24CA621070000100000FFFFAB1125BFAB1125BF070000100000FFFFAB1127BFAB1127BF070000100000FFFFAB112702AB112702070000100000FFFFC29CAAD0C29CAAD0070000100000FFFFC24CA622C24CA6220F0E0D0C0B0A0908070605040302010F ike 0:IPSEC_AMADEUS:702734: out 354748B3240D3BDD86C7B0E3733F722D2E20230800000001000001B02300019421CD20EB5E9C4BAF8D3555A3DED9720C5F5E17FF617748C8B5414BF9CC1C5A6FDCB25CC7335074D4A28E46D083EA12107E39C439FD297D5176D2451AFDCF65648076658EC16C0BE816196DBBCAC59CA8976D0A99A0A829C003879C86CAF4887E8A91060E07440988E99596E298C3651BE7FA040C4352FAF8328AF5559D37C2030CE856F10E1ACEF626C2AEDEC44E63BFC7FC166A280B6F5A4CEEA2BC707B7E83CE18B8F7D38F70DF848A48129F3D359A77AB06A0973B67B052BE7565CC6663884D99EB15F5D7356EC10FAAF27A9FD96667BE4D5F1E6FB025485A9F6D5F0C9E808C9E29B2611B5CB2BB07FDFF5294E9DBE3EBEB5B92D882D932F0D7AD14FFC7B569E96D4D06D5E423DD849B0B45602F327D6CF087572F70EB050ECADB5A595F3160337B29851E8A30B8C66A8CFD9468FF990A801DA5E732CB142E6B5C284B66FF545BB9E74C7F766294A4EC6979D60E4BE1169283C3D33FD03C7FB036E405373D85096C7966604E8371D953F6F1D8B8C2B906DAE404A543BD6711263BBFA32325EA1CF0805D720EBAD9AFD8467F35CCCF ike 0:IPSEC_AMADEUS:702734: sent IKE msg (AUTH): 10.10.10.1->10.10.10.2:500, len=432, id=354748b3240d3bdd/86c7b0e3733f722d:00000001 ike 0: comes 10.10.10.1->10.10.10.2:500,ifindex=2.... ike 0: IKEv2 exchange=AUTH_RESPONSE id=354748b3240d3bdd/86c7b0e3733f722d:00000001 len=208 ike 0: in 354748B3240D3BDD86C7B0E3733F722D2E20232000000001000000D02B0000B46428EA1F9531F0A9C750F82A506BF3C64A1126113EA90D1F271015A3DDD906B9B32A14EE9D946037C4A2954A9A7F3D7E6739A80429009604FF40E16B5B2DB54D29875122ACE579038B4F5408255A45F33575BB9003E69F1F7564CEC7F7B10BCBD2C532CD9FD30703252CB3500B738282008CD1DFCDCC5D9C26D704114E69B5291CCE62B5E4FF7217A5F979D5CF26F821D893464DE1F743BB99D65C6D19C36DD5ED517E8B63701E65B69C11826EDBBA84 ike 0:IPSEC_AMADEUS:702734: dec 354748B3240D3BDD86C7B0E3733F722D2E20232000000001000000902B0000042400001484C7B1E36008816A19C952DE3FD4393E2700000C01000000AB1190CF2900004802000000B72126FEE8DB6C380AE8EEF5B675E4491B1DFF7311EAA6B72C204CFBF5465C33E593E7C8D938DC807FE8208DCA9DF0AEC76762C52965E294FD7A1745A6F3C4720000000801000026 ike 0:IPSEC_AMADEUS:702734: initiator received AUTH msg ike 0:IPSEC_AMADEUS:702734: peer identifier IPV4_ADDR 10.10.10.2 ike 0:IPSEC_AMADEUS:702734: auth verify done ike 0:IPSEC_AMADEUS:702734: initiator AUTH continuation ike 0:IPSEC_AMADEUS:702734: authentication succeeded ike 0:IPSEC_AMADEUS:702734: received notify type TS_UNACCEPTABLE ike 0:IPSEC_AMADEUS:702734: processing child notify type TS_UNACCEPTABLE ike 0:IPSEC_AMADEUS:702734: malformed message ike 0:IPSEC_AMADEUS:702734: schedule delete of IKE SA 354748b3240d3bdd/86c7b0e3733f722d ike 0:IPSEC_AMADEUS:702734: scheduled delete of IKE SA 354748b3240d3bdd/86c7b0e3733f722d ike 0:IPSEC_AMADEUS: [style="background-color: #ff0000;"]connection expiring due to phase1 down WHAT IS MEAN[/style] ike 0:IPSEC_AMADEUS: deleting ike 0:IPSEC_AMADEUS: flushing ike 0:IPSEC_AMADEUS: flushed ike 0:IPSEC_AMADEUS: deleted ike 0:IPSEC_AMADEUS: schedule auto-negotiate
Thanks for helping...
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.