help to VPN between FGT & cisco

quynhln8 · ‎05-26-2024

I set VPN between FGT v6.4 & Cisco2911

on FW display phase1 done but phase2 down

so when I check event VPN, result is phase 1 error

On cisco, status is UP-IDLE

for some reason, I had to hide the information

look forward to the help

RT config.png show crypto RT.png VPN event.png diag FW.png

fricci_FTNT · ‎05-29-2024

Hi @quynhln8 ,

Have you run the command below as previously suggested? Have you spotted any mismatch?

diagnose vpn ike log-filter dst-addr4 <remote-peer-IP>
diagnose debug application ike -1
diagnose debug console timestamp enable
diagnose debug enable

Note: Starting from FortiOS 7.4.1, the 'diagnose vpn ike log-filter dst-addr4' command has been changed to 'diagnose vpn ike log filter rem-addr4'.

If you can, please paste its output here. If you cannot paste it, I would suggest you to open a ticket with our support so this issue can be properly investigated.

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.

rvillaroman · ‎05-29-2024

Hi @quynhln8,

It shows that they have different phase2-selectors; kindly match their phase2-selector and do not add it at once as the SPI will be different.

Kindly see this document for further information.

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/666100/ipsec-vpn-between-a-f...

rvillaroman

quynhln8 · ‎05-29-2024

tks every one, it's already working

help to VPN between FGT & cisco

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website