Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
quynhln8
New Contributor II

Created on ‎05-26-2024 11:04 PM

help to VPN between FGT & cisco

I set VPN between FGT v6.4 & Cisco2911

on FW display phase1 done but phase2 down

so when I check event VPN, result is phase 1 error

On cisco, status is UP-IDLE

for some reason, I had to hide the information 

look forward to the help

 

RT config.pngshow crypto RT.pngnetwork.pngauthen.pngphase-1.pngphase-2.pngVPN event.pngdiag FW.png

 

 

 

 

 

      

Labels:
685
0 Kudos
12 REPLIES 12
fricci_FTNT
Staff
Staff
In response to quynhln8

Created on ‎05-29-2024 02:41 AM

Hi @quynhln8 ,

Have you run the command below as previously suggested? Have you spotted any mismatch?

diagnose vpn ike log-filter dst-addr4 <remote-peer-IP>
diagnose debug application ike -1
diagnose debug console timestamp enable
diagnose debug enable

 

Note: Starting from FortiOS 7.4.1, the 'diagnose vpn ike log-filter dst-addr4' command has been changed to 'diagnose vpn ike log filter rem-addr4'.


If you can, please paste its output here. If you cannot paste it, I would suggest you to open a ticket with our support so this issue can be properly investigated.

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
191
rvillaroman
Staff
Staff

Created on ‎05-29-2024 08:54 PM

Hi @quynhln8,

 

It shows that they have different phase2-selectors; kindly match their phase2-selector and do not add it at once as the SPI will be different.

 

Kindly see this document for further information.

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/666100/ipsec-vpn-between-a-f...

rvillaroman
134
quynhln8
New Contributor II

Created on ‎05-29-2024 08:58 PM

tks every one, it's already working

122
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.