Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- iOS remote access wizzard
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
iOS remote access wizzard
Hi.
I tried to configure a simple remote access via L2TP with a Fortigate 60C.
I configured everything very simple with pass phrases like 123456 and simple users, no complex user group labels or something strange like that - but haven' t had luck.
My goal is, that I have a remote access configuration, we can use with all iOS devices (iOS7 an iPhone and iPad) and Mac OSX as well. And no - we do not like to use the SSL-VPN client on iOS.
So - bellow I have the debug output but I can not find any information, what the problem is. Can somebody help me out? It' s frustrating
Oh, before somebody is asking. I used the latest beta and of course also the latest recommended stable. Problem was the same.
Tried also the step by step manual from the book.
http://docs.fortinet.com/uploaded/files/359/fortigate-cookbook-507-expanded.pdf
FGT60C3G10019263 # 2014-06-10 19:54:50 ike 0: comes 80.187.96.230:500->178.25.145.200:500,ifindex=4.... 2014-06-10 19:54:50 ike 0: IKEv1 exchange=Identity Protection id=f423f42819fc91f4/0000000000000000 len=500 2014-06-10 19:54:50 ike 0: in F423F42819FC91F400000000000000000110020000000000000001F40D0000E40000000100000001000000D8010100060300002401010000800B0001800C0E1080010007800E01008003000180020002800400020300002402010000800B0001800C0E1080010007800E01008003000180020001800400020300002403010000800B0001800C0E1080010007800E00808003000180020002800400020300002404010000800B0001800C0E1080010007800E00808003000180020001800400020300002005010000800B0001800C0E10800100058003000180020002800400020000002006010000800B0001800C0E10800100058003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000144DF37928E9FC4FD1B3262170D515C6620D0000148F8D83826D246B6FC7A8A6A428C11DE80D000014439B59F8BA676C4C7737AE22EAB8F5820D0000144D1E0E136DEAFA34C4F3EA9F02EC72850D00001480D0BB3DEF54565EE84645D4C85CE3EE0D0000149909B64EED937C6573DE52ACE952FA6B0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000184048B7D56EBCE88525E7DE7F00D6C2D38000000000000014AFCAD71368A1F1C96B8696FC77570100 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID RFC 3947 4A131C81070358455C5728F20E95452F 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID unknown (16): 4DF37928E9FC4FD1B3262170D515C662 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID draft-ietf-ipsec-nat-t-ike-08 8F8D83826D246B6FC7A8A6A428C11DE8 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID draft-ietf-ipsec-nat-t-ike-07 439B59F8BA676C4C7737AE22EAB8F582 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID draft-ietf-ipsec-nat-t-ike-06 4D1E0E136DEAFA34C4F3EA9F02EC7285 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID draft-ietf-ipsec-nat-t-ike-05 80D0BB3DEF54565EE84645D4C85CE3EE 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID draft-ietf-ipsec-nat-t-ike-04 9909B64EED937C6573DE52ACE952FA6B 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: VID DPD AFCAD71368A1F1C96B8696FC77570100 2014-06-10 19:54:50 ike 0: cache rebuild start 2014-06-10 19:54:50 ike 0:RAS: cached as dynamic 2014-06-10 19:54:50 ike 0: cache rebuild done 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: negotiation result 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: proposal id = 1: 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: protocol id = ISAKMP: 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: trans_id = KEY_IKE. 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: encapsulation = IKE/none 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC. 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: type=OAKLEY_HASH_ALG, val=MD5. 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: type=AUTH_METHOD, val=PRESHARED_KEY. 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: type=OAKLEY_GROUP, val=MODP1024. 2014-06-10 19:54:50 ike 0:f423f42819fc91f4/0000000000000000:4: ISAKMP SA lifetime=86400 2014-06-10 19:54:50 ike 0:RAS:4: DPD negotiated 2014-06-10 19:54:50 ike 0:RAS:4: unsupported NAT-T version draft-ietf-ipsec-nat-t-ike-04 2014-06-10 19:54:50 ike 0:RAS:4: unsupported NAT-T version draft-ietf-ipsec-nat-t-ike-05 2014-06-10 19:54:50 ike 0:RAS:4: unsupported NAT-T version draft-ietf-ipsec-nat-t-ike-06 2014-06-10 19:54:50 ike 0:RAS:4: unsupported NAT-T version draft-ietf-ipsec-nat-t-ike-07 2014-06-10 19:54:50 ike 0:RAS:4: unsupported NAT-T version draft-ietf-ipsec-nat-t-ike-08 2014-06-10 19:54:50 ike 0:RAS:4: cookie f423f42819fc91f4/9432aefb406f12b5 2014-06-10 19:54:50 ike 0:RAS:4: out F423F42819FC91F49432AEFB406F12B50110020000000000000000C80D00003800000001000000010000002C010100010000002402010000800B0001800C0E1080010007800E01008003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D0000148299031757A36082C6A621DE000502460D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000 2014-06-10 19:54:50 ike 0:RAS:4: sent IKE msg (ident_r1send): 178.25.145.200:500->80.187.96.230:500, len=200, id=f423f42819fc91f4/9432aefb406f12b5 2014-06-10 19:54:50 ike 0: comes 80.187.96.230:500->178.25.145.200:500,ifindex=4.... 2014-06-10 19:54:50 ike 0: IKEv1 exchange=Identity Protection id=f423f42819fc91f4/9432aefb406f12b5 len=220 2014-06-10 19:54:50 ike 0: in F423F42819FC91F49432AEFB406F12B50410020000000000000000DC0A00008411786EB051A7D36F67969E8C81900DCB2A4E51C9CAEF0C7171511ECF55F8C9DA2EFA085599A45F7455C999F347B288E3EC586D0FC7092542953FC855AE359B9339CA811F9DD36300800C299D35D0BC61793881CAB5C0428A03C5E9B840769E1B16752BDBDF270932EF83C7117B509FAE6FD1F23871A5B0C6ABCF2019ABA64F5D14000014F2A5B51EE43611F68E2EE350E332729D140000149A40D7E02B1AF2D1DD6ED1D60DCE33FD00000014B13D889CFE9A0E46E7B9D909382C0CCF 2014-06-10 19:54:50 ike 0:RAS:4: out F423F42819FC91F49432AEFB406F12B50410020000000000000000DC0A000084FE1FEEA45B554E8B6D07A2DD9B55EF77008272780D60F35FD4D727CC464420570FC673563FE41AC60C004C751E217C41D5A4FF6455C0E832448EF538917AF589CFBC5CC894968CB6A9B9AB8F9CF04D0489B40892762E10B773BF5F457CEDDE005B07F735E13F06FDBB63180809494AE21B01AD7314751575B4B9FF6E2B11654114000014AB5B69B53C3EEE679BDA8F1DA7D9032114000014CD20D0728791CD2DA0227EF3CADF954C000000149A40D7E02B1AF2D1DD6ED1D60DCE33FD 2014-06-10 19:54:50 ike 0:RAS:4: sent IKE msg (ident_r2send): 178.25.145.200:500->80.187.96.230:500, len=220, id=f423f42819fc91f4/9432aefb406f12b5 2014-06-10 19:54:50 ike 0:RAS:4: ISAKMP SA f423f42819fc91f4/9432aefb406f12b5 key 32:2E71ECF90B69A1332E73526A69CC3A564A7168A020AEC15E636030370640CDD7 2014-06-10 19:54:51 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:54:51 ike 0: IKEv1 exchange=Identity Protection id=f423f42819fc91f4/9432aefb406f12b5 len=92 2014-06-10 19:54:51 ike 0: in F423F42819FC91F49432AEFB406F12B505100201000000000000005C9F1D981AFD83899683D30099DAF02D6D2CF0A16917ABE339EB3223B82390BCBA7FCF606806587ECFD634D1ECED233DF510019E6C5580C57ABEB80D232E8920FC 2014-06-10 19:54:51 ike 0:RAS:4: dec F423F42819FC91F49432AEFB406F12B505100201000000000000005C0800000C011101F40A329C5A0B00001470555479E32E3D2FFF13C1CBF5266E420000001C0000000101106002F423F42819FC91F49432AEFB406F12B500000004 2014-06-10 19:54:51 ike 0:RAS:4: received notify type 24578 2014-06-10 19:54:51 ike 0:RAS:4: peer identifier IPV4_ADDR 10.50.156.90 2014-06-10 19:54:51 ike 0:RAS:4: PSK authentication succeeded 2014-06-10 19:54:51 ike 0:RAS:4: authentication OK 2014-06-10 19:54:51 ike 0:RAS:4: enc F423F42819FC91F49432AEFB406F12B505100201000000000000003C0800000C01000000B21991D0000000141E7250843E1DCAF5033E385397270389 2014-06-10 19:54:51 ike 0:RAS:4: out F423F42819FC91F49432AEFB406F12B505100201000000000000004C341B52106EC141C8DF81E1AB9FCE414D37EF707DAE9319AD7398C321F3B15C089E41D53BAF0C08117F1AC5DE077D8224 2014-06-10 19:54:51 ike 0:RAS:4: sent IKE msg (ident_r3send): 178.25.145.200:4500->80.187.96.230:5469, len=76, id=f423f42819fc91f4/9432aefb406f12b5 2014-06-10 19:54:51 ike 0:RAS:4: established IKE SA f423f42819fc91f4/9432aefb406f12b5 2014-06-10 19:54:51 ike 0:RAS: adding new dynamic tunnel for 80.187.96.230:5469 2014-06-10 19:54:51 ike 0:RAS_0: added new dynamic tunnel for 80.187.96.230:5469 2014-06-10 19:54:51 ike 0:RAS_0:4: processing INITIAL-CONTACT 2014-06-10 19:54:51 ike 0:RAS_0: flushing 2014-06-10 19:54:51 ike 0:RAS_0: flushed 2014-06-10 19:54:51 ike 0:RAS_0:4: processed INITIAL-CONTACT 2014-06-10 19:54:51 ike 0:RAS_0:4: initiating XAUTH. 2014-06-10 19:54:51 ike 0:RAS_0:4: sending XAUTH request 2014-06-10 19:54:51 ike 0:RAS_0:4: enc F423F42819FC91F49432AEFB406F12B508100601F60B7E97000000440E000014089E8145CDDF58F7C252976971751BF300000014010025EEC088000040890000408A0000 2014-06-10 19:54:51 ike 0:RAS_0:4: out F423F42819FC91F49432AEFB406F12B508100601F60B7E970000004C292B933C6BD09F39F4DD9C1FD5189F95533EF9DAC16A7B6D76091E7C92313455C2068FB54FEFCF6DA16A117448F49A26 2014-06-10 19:54:51 ike 0:RAS_0:4: sent IKE msg (cfg_send): 178.25.145.200:4500->80.187.96.230:5469, len=76, id=f423f42819fc91f4/9432aefb406f12b5:f60b7e97 2014-06-10 19:54:51 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:54:51 ike 0: IKEv1 exchange=Mode config id=f423f42819fc91f4/9432aefb406f12b5:f60b7e97 len=76 2014-06-10 19:54:51 ike 0: in F423F42819FC91F49432AEFB406F12B508100601F60B7E970000004C9F3DEE8FABE3EA7036A38B3926FB33D8A9A86BE56A7724E6692EED9DF182800D5CE71472BE9B8C6F0E32B2DEF8239E25 2014-06-10 19:54:51 ike 0:RAS_0:4: dec F423F42819FC91F49432AEFB406F12B508100601F60B7E970000004C0E000014AFE032BBDBDED0DE28882A3B09C699620000000C020025EEC088000000000000000000000000000000000010 2014-06-10 19:54:52 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:54:52 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:54:52 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:54:55 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:54:55 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:54:55 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:54:56 ike 0:RAS_0: link is idle 4 178.25.145.200->80.187.96.230:5469 dpd=1 seqno=1 2014-06-10 19:54:56 ike 0:RAS_0:4: send IKEv1 DPD probe, seqno 1 2014-06-10 19:54:56 ike 0:RAS_0:4: enc F423F42819FC91F49432AEFB406F12B508100501B8C2BD4B000000500B000014E48464CBBD96EAFE3AC063B9E8C61F01000000200000000101108D28F423F42819FC91F49432AEFB406F12B500000001 2014-06-10 19:54:56 ike 0:RAS_0:4: out F423F42819FC91F49432AEFB406F12B508100501B8C2BD4B0000005CD048FCA55560FFEF32673BF7B7042A411051E5782240E47EC3EF188422F0046EB111DBE208EC9BC449213F8E5CBB78088676C097CC315578F2A53200CA3349B5 2014-06-10 19:54:56 ike 0:RAS_0:4: sent IKE msg (R-U-THERE): 178.25.145.200:4500->80.187.96.230:5469, len=92, id=f423f42819fc91f4/9432aefb406f12b5:b8c2bd4b 2014-06-10 19:54:57 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:54:57 ike 0: IKEv1 exchange=Informational id=f423f42819fc91f4/9432aefb406f12b5:cb8f681d len=92 2014-06-10 19:54:57 ike 0: in F423F42819FC91F49432AEFB406F12B508100501CB8F681D0000005CF5EB0031E4002449EA3957C641C8C547EF502F6D0E73C6DCAB8680DEE21A1412D2955F3CD052B721A0CF13B78F993477ABDA186D8945E8D0EB1BDCE02BC4D82E 2014-06-10 19:54:57 ike 0:RAS_0:4: dec F423F42819FC91F49432AEFB406F12B508100501CB8F681D0000005C0B000014974509C163BC95A8AB06162067379287000000200000000101108D29F423F42819FC91F49432AEFB406F12B50000000100000000000000000000000C 2014-06-10 19:54:57 ike 0:RAS_0:4: notify msg received: R-U-THERE-ACK 2014-06-10 19:54:58 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:54:58 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:54:58 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:55:00 ike shrank heap by 114688 bytes 2014-06-10 19:55:02 ike 0:RAS_0: link is idle 4 178.25.145.200->80.187.96.230:5469 dpd=1 seqno=2 2014-06-10 19:55:02 ike 0:RAS_0:4: send IKEv1 DPD probe, seqno 2 2014-06-10 19:55:02 ike 0:RAS_0:4: enc F423F42819FC91F49432AEFB406F12B508100501A518E3B8000000500B000014A41822058B3050AF4182D84CBF54C5D1000000200000000101108D28F423F42819FC91F49432AEFB406F12B500000002 2014-06-10 19:55:02 ike 0:RAS_0:4: out F423F42819FC91F49432AEFB406F12B508100501A518E3B80000005C07B455570EEC121DC98A508A2614EFF20C0771F68BAEB04D1626E891B4BA7C6F3A6DE634C08EBC1CF27D6E1D1A9847F7556EE0AF8F1D4195DAA5817F52F8F966 2014-06-10 19:55:02 ike 0:RAS_0:4: sent IKE msg (R-U-THERE): 178.25.145.200:4500->80.187.96.230:5469, len=92, id=f423f42819fc91f4/9432aefb406f12b5:a518e3b8 2014-06-10 19:55:02 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:02 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:55:02 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:55:03 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:03 ike 0: IKEv1 exchange=Informational id=f423f42819fc91f4/9432aefb406f12b5:c18736e0 len=92 2014-06-10 19:55:03 ike 0: in F423F42819FC91F49432AEFB406F12B508100501C18736E00000005C5E230CDC85B048A71ABB6FE548699AABB7CA61BE14FB8107F536AEE8EBF743FA36A15F6821FD7896C41A7864543CE19DAC3FCE7822709EC64D20DCF703E95931 2014-06-10 19:55:03 ike 0:RAS_0:4: dec F423F42819FC91F49432AEFB406F12B508100501C18736E00000005C0B00001491686291645D68CE34DD4C677399A73C000000200000000101108D29F423F42819FC91F49432AEFB406F12B50000000200000000000000000000000C 2014-06-10 19:55:03 ike 0:RAS_0:4: notify msg received: R-U-THERE-ACK 2014-06-10 19:55:06 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:06 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:55:06 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:55:08 ike 0:RAS_0: link is idle 4 178.25.145.200->80.187.96.230:5469 dpd=1 seqno=3 2014-06-10 19:55:08 ike 0:RAS_0:4: send IKEv1 DPD probe, seqno 3 2014-06-10 19:55:08 ike 0:RAS_0:4: enc F423F42819FC91F49432AEFB406F12B508100501795D15E2000000500B0000143995C43C2856660C8A31BFCE3ABE1803000000200000000101108D28F423F42819FC91F49432AEFB406F12B500000003 2014-06-10 19:55:08 ike 0:RAS_0:4: out F423F42819FC91F49432AEFB406F12B508100501795D15E20000005CD3F96E1EEB45228CF68D901E7932AEE9391CF6A7426287F78426A6BDCAFDC9344FF19CD98EE265471389B7658BF84434D1D884933CC6E2D80A1E93A27094D955 2014-06-10 19:55:08 ike 0:RAS_0:4: sent IKE msg (R-U-THERE): 178.25.145.200:4500->80.187.96.230:5469, len=92, id=f423f42819fc91f4/9432aefb406f12b5:795d15e2 2014-06-10 19:55:08 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:08 ike 0: IKEv1 exchange=Informational id=f423f42819fc91f4/9432aefb406f12b5:3a49f332 len=92 2014-06-10 19:55:08 ike 0: in F423F42819FC91F49432AEFB406F12B5081005013A49F3320000005CB7B808B2EB93BDE6DB4A8FE49619620C78B9937C22562EE00D8160BC63EE00383CC476CBA1558F6EE0BAE98C098B011619D8AE30A037F17FC59F844C3AE0545E 2014-06-10 19:55:08 ike 0:RAS_0:4: dec F423F42819FC91F49432AEFB406F12B5081005013A49F3320000005C0B000014DF58CBBCCDF8ADBB0233754212BD1953000000200000000101108D29F423F42819FC91F49432AEFB406F12B50000000300000000000000000000000C 2014-06-10 19:55:08 ike 0:RAS_0:4: notify msg received: R-U-THERE-ACK 2014-06-10 19:55:08 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:08 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:55:08 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:55:10 ike shrank heap by 8192 bytes 2014-06-10 19:55:12 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:12 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:55:12 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:55:13 ike 0:RAS_0: link is idle 4 178.25.145.200->80.187.96.230:5469 dpd=1 seqno=4 2014-06-10 19:55:13 ike 0:RAS_0:4: send IKEv1 DPD probe, seqno 4 2014-06-10 19:55:13 ike 0:RAS_0:4: enc F423F42819FC91F49432AEFB406F12B508100501CF208688000000500B000014CCF4016FD16F6F340DEDA9B7BA5BA9DA000000200000000101108D28F423F42819FC91F49432AEFB406F12B500000004 2014-06-10 19:55:13 ike 0:RAS_0:4: out F423F42819FC91F49432AEFB406F12B508100501CF2086880000005CDF760A695AE18AC937B668E1FE2639C9128B3EF26AA08A1A4AC272E105471E46BCB73192A1C4573A18656F8DFFEE5DDF89E5712880872F312131665423CB79ED 2014-06-10 19:55:13 ike 0:RAS_0:4: sent IKE msg (R-U-THERE): 178.25.145.200:4500->80.187.96.230:5469, len=92, id=f423f42819fc91f4/9432aefb406f12b5:cf208688 2014-06-10 19:55:13 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:13 ike 0: IKEv1 exchange=Informational id=f423f42819fc91f4/9432aefb406f12b5:e07acf67 len=92 2014-06-10 19:55:13 ike 0: in F423F42819FC91F49432AEFB406F12B508100501E07ACF670000005C6D70CC138D7DD46DCA5072527ADF70DD4F0BB1DA261B957CCB962282A10E382E2E810002DA257F19F625E7141DD9E08C4F7EDA3CE21563DF951698146101F3E9 2014-06-10 19:55:13 ike 0:RAS_0:4: dec F423F42819FC91F49432AEFB406F12B508100501E07ACF670000005C0B00001429B2B10671E7FDCD855375B79F5CD256000000200000000101108D29F423F42819FC91F49432AEFB406F12B50000000400000000000000000000000C 2014-06-10 19:55:13 ike 0:RAS_0:4: notify msg received: R-U-THERE-ACK 2014-06-10 19:55:15 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:15 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:55:15 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:55:18 ike 0:RAS_0: link is idle 4 178.25.145.200->80.187.96.230:5469 dpd=1 seqno=5 2014-06-10 19:55:18 ike 0:RAS_0:4: send IKEv1 DPD probe, seqno 5 2014-06-10 19:55:18 ike 0:RAS_0:4: enc F423F42819FC91F49432AEFB406F12B508100501B564D19E000000500B000014E6D549D38591B3E3F8A3C3EEEB81FF21000000200000000101108D28F423F42819FC91F49432AEFB406F12B500000005 2014-06-10 19:55:18 ike 0:RAS_0:4: out F423F42819FC91F49432AEFB406F12B508100501B564D19E0000005CE1C3467595ABF4701AACE4E8A883323A54B0CBBCE9ACC72BA6704C53257C840AFF4D0E2B4204DF62D276EE8552319328DFE6DAF199FF39F03A97C8142A66D088 2014-06-10 19:55:18 ike 0:RAS_0:4: sent IKE msg (R-U-THERE): 178.25.145.200:4500->80.187.96.230:5469, len=92, id=f423f42819fc91f4/9432aefb406f12b5:b564d19e 2014-06-10 19:55:18 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:18 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:55:18 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:55:19 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:19 ike 0: IKEv1 exchange=Informational id=f423f42819fc91f4/9432aefb406f12b5:ab6fc4fd len=92 2014-06-10 19:55:19 ike 0: in F423F42819FC91F49432AEFB406F12B508100501AB6FC4FD0000005C1671356A28AEA52D9C6E6EF610E68BA76E2B3F933B01E96ACD7D22EF38AB71476B2378A654D572791D9B2894713836DFD93C136F8958037ADB4A46823E110F8E 2014-06-10 19:55:19 ike 0:RAS_0:4: dec F423F42819FC91F49432AEFB406F12B508100501AB6FC4FD0000005C0B000014E5E663FBC3EF23D7B452A33E663E692B000000200000000101108D29F423F42819FC91F49432AEFB406F12B50000000500000000000000000000000C 2014-06-10 19:55:19 ike 0:RAS_0:4: notify msg received: R-U-THERE-ACK 2014-06-10 19:55:22 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:22 ike 0: IKEv1 exchange=Quick id=f423f42819fc91f4/9432aefb406f12b5:b0704482 len=316 2014-06-10 19:55:22 ike 0: in F423F42819FC91F49432AEFB406F12B508102001B07044820000013C247767DD8D5D213924082A00CFACBD44D2F981DA57F55CA9DAD61388473AAD7B9A8F7B877C649A2F8A4DB0EBAC9C0D0051FCEC38DB5CBC6A53DE485C0932CDDCE6F2080614C39BDEC11C2846B40B8CBC249BD6BA348233A416299120715E8AF93440F978A67552765DE446F4FCD5B9B135DE4D59367FDDEFA2C87EFF894AB02EDB2D5B4471DC32ACECCD1F3818A5FDD5FFC95D187B80070487CEDCB78DE21AE71544593C4B96540803AC0901EDCB25BC78D61AC2977F2858FA9D2AB58D292C8CB8E1978FE956029745D717FD9AAD6E6B8F8EA6D1F2979B148FFE6EEDDBBC18C5022ABA4D3E7DC4BFC5F6A9225B280287589CCA50F0F37D65A60E15D67F040BF90372C7B482AE5B3BA19C577E2D0687A3AD2E0FDE0CE01CD6037FCAF8B671F603 2014-06-10 19:55:22 ike 0: comes 80.187.96.230:5469->178.25.145.200:4500,ifindex=4.... 2014-06-10 19:55:22 ike 0: IKEv1 exchange=Informational id=f423f42819fc91f4/9432aefb406f12b5:80673d82 len=92 2014-06-10 19:55:22 ike 0: in F423F42819FC91F49432AEFB406F12B50810050180673D820000005C900A4DD553242DDB0E4F7F794EB719BD16897397F2E594F38ACA58DBF9C5ABE6AA6C7E8F7553184D85DE746C35ED2902ABB3E40A7BD6440CC1B2524DD9EA327E 2014-06-10 19:55:22 ike 0:RAS_0:4: dec F423F42819FC91F49432AEFB406F12B50810050180673D820000005C0C000014316A28126FA6C9E1C1B4C5DEBE6C1AA80000001C0000000101100001F423F42819FC91F49432AEFB406F12B500000000000000000000000000000010 2014-06-10 19:55:22 ike 0:RAS_0:4: recv ISAKMP SA delete f423f42819fc91f4/9432aefb406f12b5 2014-06-10 19:55:22 ike 0:RAS_0: deleting 2014-06-10 19:55:22 ike 0:RAS_0: flushing 2014-06-10 19:55:22 ike 0:RAS_0: sending SNMP tunnel DOWN trap 2014-06-10 19:55:22 ike 0:RAS_0: flushed 2014-06-10 19:55:22 ike 0:RAS_0: delete dynamic 2014-06-10 19:55:22 ike 0:RAS_0: reset NAT-T 2014-06-10 19:55:22 ike 0:RAS_0: deleted
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A copy of the config and usergroup would come in handy.
You can follow my blog on l2tp vpn setup for iOS/Android or Windows/MACOSX
http://socpuppet.blogspot.com/2013/02/l2tp-setup-fortigate-200b-mr3p12.html
note: be cautious of tunnel-mode vrs transport-mode for l2tp and any chap/pap settings on the client side.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi.
When I used the wizard, there was noch phase1/2 configured - only phase1/2-tunnel..
So I tried it manually with your tutorial but haven' t had luck yet.
In general it' s frustrating that the wizard isn' t working - makes it useless :-)
here is the latest configuration and debug output.
config user group
edit " RAS"
set member " K14021504" " M76356688"
next
end
FGT # show vpn l2tp
config vpn l2tp
set eip 10.10.10.10
set sip 10.10.10.1
set status enable
set usrgrp " RAS"
end
FGT # show vpn ipsec phase1 ras
config vpn ipsec phase1
edit " ras"
set type dynamic
set interface " wan1"
set nattraversal disable
set keylife 3600
set proposal aes128-sha1 aes128-md5
set dhgrp 2
set psksecret ENC Gq/JYyZ3kBKotYKfGajSujLr6hjQb9M0qqKYTCT9WQUhZ+znoph7fS0T14s0lClC1YJLyDqYEa5zuFTiK+gV8sROFgmF4mYpJ/oessidDM9cGBKMRKg+aVj6OgdhlxP+oJwTrCEtGK5qsBVCgwbxDOXaN+w6YoYBXAiwKMZG358uAkXP3jFIzqHJjl6+Xjv1lBonCA==
set keepalive 600
next
end
FGT # show vpn ipsec phase2 ras
config vpn ipsec phase2
edit " ras"
set phase1name " ras"
set proposal aes256-md5 3des-sha1 aes192-sha1
set pfs disable
set encapsulation transport-mode
set l2tp enable
set keylifeseconds 3600
next
end
#############
2014-06-11 06:32:28 ike 0: comes 80.187.101.118:500->178.25.145.208:500,ifindex=4....
2014-06-11 06:32:28 ike 0: IKEv1 exchange=Identity Protection id=e187a55fb99d2949/0000000000000000 len=500
2014-06-11 06:32:28 ike 0: in E187A55FB99D294900000000000000000110020000000000000001F40D0000E40000000100000001000000D8010100060300002401010000800B0001800C0E1080010007800E01008003000180020002800400020300002402010000800B0001800C0E1080010007800E01008003000180020001800400020300002403010000800B0001800C0E1080010007800E00808003000180020002800400020300002404010000800B0001800C0E1080010007800E00808003000180020001800400020300002005010000800B0001800C0E10800100058003000180020002800400020000002006010000800B0001800C0E10800100058003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000144DF37928E9FC4FD1B3262170D515C6620D0000148F8D83826D246B6FC7A8A6A428C11DE80D000014439B59F8BA676C4C7737AE22EAB8F5820D0000144D1E0E136DEAFA34C4F3EA9F02EC72850D00001480D0BB3DEF54565EE84645D4C85CE3EE0D0000149909B64EED937C6573DE52ACE952FA6B0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000184048B7D56EBCE88525E7DE7F00D6C2D38000000000000014AFCAD71368A1F1C96B8696FC77570100
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: responder: main mode get 1st message...
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID RFC 3947 4A131C81070358455C5728F20E95452F
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID unknown (16): 4DF37928E9FC4FD1B3262170D515C662
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID draft-ietf-ipsec-nat-t-ike-08 8F8D83826D246B6FC7A8A6A428C11DE8
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID draft-ietf-ipsec-nat-t-ike-07 439B59F8BA676C4C7737AE22EAB8F582
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID draft-ietf-ipsec-nat-t-ike-06 4D1E0E136DEAFA34C4F3EA9F02EC7285
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID draft-ietf-ipsec-nat-t-ike-05 80D0BB3DEF54565EE84645D4C85CE3EE
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID draft-ietf-ipsec-nat-t-ike-04 9909B64EED937C6573DE52ACE952FA6B
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: VID DPD AFCAD71368A1F1C96B8696FC77570100
2014-06-11 06:32:28 ike 0: cache rebuild start
2014-06-11 06:32:28 ike 0:ras: cached as dynamic
2014-06-11 06:32:28 ike 0: cache rebuild done
2014-06-11 06:32:28 ike 0:ras: ignoring IKE request, no policy configured
2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: negotiation failure
2014-06-11 06:32:28 ike Negotiate ISAKMP SA Error: 2014-06-11 06:32:28 ike 0:e187a55fb99d2949/0000000000000000:37: no SA proposal chosen
2014-06-11 06:32:33 ike 0: comes 80.187.101.118:500->178.25.145.208:500,ifindex=4....
2014-06-11 06:32:33 ike 0: IKEv1 exchange=Identity Protection id=e187a55fb99d2949/0000000000000000 len=500
2014-06-11 06:32:33 ike 0: in E187A55FB99D294900000000000000000110020000000000000001F40D0000E40000000100000001000000D8010100060300002401010000800B0001800C0E1080010007800E01008003000180020002800400020300002402010000800B0001800C0E1080010007800E01008003000180020001800400020300002403010000800B0001800C0E1080010007800E00808003000180020002800400020300002404010000800B0001800C0E1080010007800E00808003000180020001800400020300002005010000800B0001800C0E10800100058003000180020002800400020000002006010000800B0001800C0E10800100058003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000144DF37928E9FC4FD1B3262170D515C6620D0000148F8D83826D246B6FC7A8A6A428C11DE80D000014439B59F8BA676C4C7737AE22EAB8F5820D0000144D1E0E136DEAFA34C4F3EA9F02EC72850D00001480D0BB3DEF54565EE84645D4C85CE3EE0D0000149909B64EED937C6573DE52ACE952FA6B0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000184048B7D56EBCE88525E7DE7F00D6C2D38000000000000014AFCAD71368A1F1C96B8696FC77570100
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: responder: main mode get 1st message...
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID RFC 3947 4A131C81070358455C5728F20E95452F
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID unknown (16): 4DF37928E9FC4FD1B3262170D515C662
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-08 8F8D83826D246B6FC7A8A6A428C11DE8
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-07 439B59F8BA676C4C7737AE22EAB8F582
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-06 4D1E0E136DEAFA34C4F3EA9F02EC7285
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-05 80D0BB3DEF54565EE84645D4C85CE3EE
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-04 9909B64EED937C6573DE52ACE952FA6B
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: VID DPD AFCAD71368A1F1C96B8696FC77570100
2014-06-11 06:32:33 ike 0:ras: ignoring IKE request, no policy configured
2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: negotiation failure
2014-06-11 06:32:33 ike Negotiate ISAKMP SA Error: 2014-06-11 06:32:33 ike 0:e187a55fb99d2949/0000000000000000:38: no SA proposal chosen
2014-06-11 06:32:34 ike 0: comes 80.187.101.118:500->178.25.145.208:500,ifindex=4....
2014-06-11 06:32:34 ike 0: IKEv1 exchange=Identity Protection id=e187a55fb99d2949/0000000000000000 len=500
2014-06-11 06:32:34 ike 0: in E187A55FB99D294900000000000000000110020000000000000001F40D0000E40000000100000001000000D8010100060300002401010000800B0001800C0E1080010007800E01008003000180020002800400020300002402010000800B0001800C0E1080010007800E01008003000180020001800400020300002403010000800B0001800C0E1080010007800E00808003000180020002800400020300002404010000800B0001800C0E1080010007800E00808003000180020001800400020300002005010000800B0001800C0E10800100058003000180020002800400020000002006010000800B0001800C0E10800100058003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000144DF37928E9FC4FD1B3262170D515C6620D0000148F8D83826D246B6FC7A8A6A428C11DE80D000014439B59F8BA676C4C7737AE22EAB8F5820D0000144D1E0E136DEAFA34C4F3EA9F02EC72850D00001480D0BB3DEF54565EE84645D4C85CE3EE0D0000149909B64EED937C6573DE52ACE952FA6B0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000184048B7D56EBCE88525E7DE7F00D6C2D38000000000000014AFCAD71368A1F1C96B8696FC77570100
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: responder: main mode get 1st message...
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID RFC 3947 4A131C81070358455C5728F20E95452F
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID unknown (16): 4DF37928E9FC4FD1B3262170D515C662
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-08 8F8D83826D246B6FC7A8A6A428C11DE8
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-07 439B59F8BA676C4C7737AE22EAB8F582
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-06 4D1E0E136DEAFA34C4F3EA9F02EC7285
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-05 80D0BB3DEF54565EE84645D4C85CE3EE
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-04 9909B64EED937C6573DE52ACE952FA6B
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: VID DPD AFCAD71368A1F1C96B8696FC77570100
2014-06-11 06:32:34 ike 0:ras: ignoring IKE request, no policy configured
2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: negotiation failure
2014-06-11 06:32:34 ike Negotiate ISAKMP SA Error: 2014-06-11 06:32:34 ike 0:e187a55fb99d2949/0000000000000000:39: no SA proposal chosen
2014-06-11 06:32:40 ike 0: comes 80.187.101.118:500->178.25.145.208:500,ifindex=4....
2014-06-11 06:32:40 ike 0: IKEv1 exchange=Identity Protection id=e187a55fb99d2949/0000000000000000 len=500
2014-06-11 06:32:40 ike 0: in E187A55FB99D294900000000000000000110020000000000000001F40D0000E40000000100000001000000D8010100060300002401010000800B0001800C0E1080010007800E01008003000180020002800400020300002402010000800B0001800C0E1080010007800E01008003000180020001800400020300002403010000800B0001800C0E1080010007800E00808003000180020002800400020300002404010000800B0001800C0E1080010007800E00808003000180020001800400020300002005010000800B0001800C0E10800100058003000180020002800400020000002006010000800B0001800C0E10800100058003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000144DF37928E9FC4FD1B3262170D515C6620D0000148F8D83826D246B6FC7A8A6A428C11DE80D000014439B59F8BA676C4C7737AE22EAB8F5820D0000144D1E0E136DEAFA34C4F3EA9F02EC72850D00001480D0BB3DEF54565EE84645D4C85CE3EE0D0000149909B64EED937C6573DE52ACE952FA6B0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000184048B7D56EBCE88525E7DE7F00D6C2D38000000000000014AFCAD71368A1F1C96B8696FC77570100
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: responder: main mode get 1st message...
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID RFC 3947 4A131C81070358455C5728F20E95452F
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID unknown (16): 4DF37928E9FC4FD1B3262170D515C662
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-08 8F8D83826D246B6FC7A8A6A428C11DE8
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-07 439B59F8BA676C4C7737AE22EAB8F582
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-06 4D1E0E136DEAFA34C4F3EA9F02EC7285
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-05 80D0BB3DEF54565EE84645D4C85CE3EE
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-04 9909B64EED937C6573DE52ACE952FA6B
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: VID DPD AFCAD71368A1F1C96B8696FC77570100
2014-06-11 06:32:40 ike 0:ras: ignoring IKE request, no policy configured
2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: negotiation failure
2014-06-11 06:32:40 ike Negotiate ISAKMP SA Error: 2014-06-11 06:32:40 ike 0:e187a55fb99d2949/0000000000000000:40: no SA proposal chosen
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You didn' t follow the cfg in my blog exactly
I would modify the phase1 settings since this is failing in the debug output you provided. Theirs no reasonable reason for disabling NAT-T and for a dynamic dialup vpn.
Also your keylife is extremely low. I would use a conservative 28800 which is typically the defacto std.
e.g ( mods for phase1 )
set nattraversal enable
set keylife 28800
Next, follow the diagnostic again, but include the diag debug app l2tp 255 and let us know what you find.
If you get connected and assigned an address, than make sure your fwpolicies allow for the scoped range
Ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the current configuration and output. There was no debut output for L2TP - it' s enabled of course.
What looks interesting for me is the following debut output - but I' m not sure what' s not right with Phase1.
2014-06-11 11:01:18 ike 0:RAS_p1: ignoring IKE request, no policy configured 2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: negotiation failure 2014-06-11 11:01:18 ike Negotiate ISAKMP SA Error: 2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: no SA proposal chosenBellow the complete configuration (necessary parts) #######
FGT # show user local
config user local
edit " M76356688"
set type password
set email-to " user@company.com"
set passwd-time 2014-06-10 19:08:32
set passwd ENC BGXlFCBo3oTU7peTSEfsUsFcRCTSf3KNroZlWIpw/OvIlUTP+rHJN2qfo4W0wFExv4ELbZhAVwhE9Pjpxw4ZnkuVNgoXpZWtX2xCFRIzWsrDNn7YlzB0+fk83TZC8tiGMKg8t976P4LMKVxy6tkShMDeWX+1cuG0MXiSD7YmbFppIIJApeI4qrkF+dzATPKZzMQzFw==
next
end
FGT # show user group
config user group
edit " RAS"
set member " K14021504" " M76356688"
next
end
FGT # show vpn l2tp
config vpn l2tp
set eip 10.10.10.10
set sip 10.10.10.1
set status enable
set usrgrp " RAS"
end
FGT # show vpn ipsec phase1
config vpn ipsec phase1
edit " RAS_p1"
set type dynamic
set interface " wan1"
set keylife 28800
set proposal 3des-md5 aes128-md5 aes128-sha1 aes256-md5 aes256-sha1
set dhgrp 2
set psksecret ENC Ej9ZCiy7bB6YoxHyxJgGi1cfsZ+D90udsCMbuguudDRicxd0OZbvZnIHIOKioE7m0i/0Z/0KRL3BRW6h6sMgZP320R7wFR9lXUJBHXIc13MCTLnIGVjNcj3p262tcpIA30TRrxYwIMsJULkdPjq+K98dFaunmvxoRWD+9RRv/ZVqeWC57IBP5TTvQJOlvDrXgWQDqw==
next
end
FGT # show vpn ipsec phase2
config vpn ipsec phase2
edit " RAS_p2"
set phase1name " RAS_p1"
set proposal aes256-md5 3des-sha1 aes192-sha1
set pfs disable
set encapsulation transport-mode
set l2tp enable
set keylifeseconds 28800
next
end
#################
FGT # 2014-06-11 11:01:13 ike 0: comes 80.187.101.118:500->178.25.145.208:500,ifindex=4....
2014-06-11 11:01:13 ike 0: IKEv1 exchange=Identity Protection id=771ba37331faac64/0000000000000000 len=500
2014-06-11 11:01:13 ike 0: in 771BA37331FAAC6400000000000000000110020000000000000001F40D0000E40000000100000001000000D8010100060300002401010000800B0001800C0E1080010007800E01008003000180020002800400020300002402010000800B0001800C0E1080010007800E01008003000180020001800400020300002403010000800B0001800C0E1080010007800E00808003000180020002800400020300002404010000800B0001800C0E1080010007800E00808003000180020001800400020300002005010000800B0001800C0E10800100058003000180020002800400020000002006010000800B0001800C0E10800100058003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000144DF37928E9FC4FD1B3262170D515C6620D0000148F8D83826D246B6FC7A8A6A428C11DE80D000014439B59F8BA676C4C7737AE22EAB8F5820D0000144D1E0E136DEAFA34C4F3EA9F02EC72850D00001480D0BB3DEF54565EE84645D4C85CE3EE0D0000149909B64EED937C6573DE52ACE952FA6B0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000184048B7D56EBCE88525E7DE7F00D6C2D38000000000000014AFCAD71368A1F1C96B8696FC77570100
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: responder: main mode get 1st message...
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID RFC 3947 4A131C81070358455C5728F20E95452F
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID unknown (16): 4DF37928E9FC4FD1B3262170D515C662
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-08 8F8D83826D246B6FC7A8A6A428C11DE8
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-07 439B59F8BA676C4C7737AE22EAB8F582
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-06 4D1E0E136DEAFA34C4F3EA9F02EC7285
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-05 80D0BB3DEF54565EE84645D4C85CE3EE
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-04 9909B64EED937C6573DE52ACE952FA6B
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: VID DPD AFCAD71368A1F1C96B8696FC77570100
2014-06-11 11:01:13 ike 0: cache rebuild start
2014-06-11 11:01:13 ike 0:RAS_p1: cached as dynamic
2014-06-11 11:01:13 ike 0: cache rebuild done
2014-06-11 11:01:13 ike 0:RAS_p1: ignoring IKE request, no policy configured
2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: negotiation failure
2014-06-11 11:01:13 ike Negotiate ISAKMP SA Error: 2014-06-11 11:01:13 ike 0:771ba37331faac64/0000000000000000:38: no SA proposal chosen
2014-06-11 11:01:18 ike 0: comes 80.187.101.118:500->178.25.145.208:500,ifindex=4....
2014-06-11 11:01:18 ike 0: IKEv1 exchange=Identity Protection id=771ba37331faac64/0000000000000000 len=500
2014-06-11 11:01:18 ike 0: in 771BA37331FAAC6400000000000000000110020000000000000001F40D0000E40000000100000001000000D8010100060300002401010000800B0001800C0E1080010007800E01008003000180020002800400020300002402010000800B0001800C0E1080010007800E01008003000180020001800400020300002403010000800B0001800C0E1080010007800E00808003000180020002800400020300002404010000800B0001800C0E1080010007800E00808003000180020001800400020300002005010000800B0001800C0E10800100058003000180020002800400020000002006010000800B0001800C0E10800100058003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000144DF37928E9FC4FD1B3262170D515C6620D0000148F8D83826D246B6FC7A8A6A428C11DE80D000014439B59F8BA676C4C7737AE22EAB8F5820D0000144D1E0E136DEAFA34C4F3EA9F02EC72850D00001480D0BB3DEF54565EE84645D4C85CE3EE0D0000149909B64EED937C6573DE52ACE952FA6B0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000184048B7D56EBCE88525E7DE7F00D6C2D38000000000000014AFCAD71368A1F1C96B8696FC77570100
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: responder: main mode get 1st message...
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID RFC 3947 4A131C81070358455C5728F20E95452F
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID unknown (16): 4DF37928E9FC4FD1B3262170D515C662
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-08 8F8D83826D246B6FC7A8A6A428C11DE8
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-07 439B59F8BA676C4C7737AE22EAB8F582
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-06 4D1E0E136DEAFA34C4F3EA9F02EC7285
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-05 80D0BB3DEF54565EE84645D4C85CE3EE
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-04 9909B64EED937C6573DE52ACE952FA6B
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: VID DPD AFCAD71368A1F1C96B8696FC77570100
2014-06-11 11:01:18 ike 0:RAS_p1: ignoring IKE request, no policy configured
2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: negotiation failure
2014-06-11 11:01:18 ike Negotiate ISAKMP SA Error: 2014-06-11 11:01:18 ike 0:771ba37331faac64/0000000000000000:39: no SA proposal chosen
2014-06-11 11:01:20 ike 0: comes 80.187.101.118:500->178.25.145.208:500,ifindex=4....
2014-06-11 11:01:20 ike 0: IKEv1 exchange=Identity Protection id=771ba37331faac64/0000000000000000 len=500
2014-06-11 11:01:20 ike 0: in 771BA37331FAAC6400000000000000000110020000000000000001F40D0000E40000000100000001000000D8010100060300002401010000800B0001800C0E1080010007800E01008003000180020002800400020300002402010000800B0001800C0E1080010007800E01008003000180020001800400020300002403010000800B0001800C0E1080010007800E00808003000180020002800400020300002404010000800B0001800C0E1080010007800E00808003000180020001800400020300002005010000800B0001800C0E10800100058003000180020002800400020000002006010000800B0001800C0E10800100058003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000144DF37928E9FC4FD1B3262170D515C6620D0000148F8D83826D246B6FC7A8A6A428C11DE80D000014439B59F8BA676C4C7737AE22EAB8F5820D0000144D1E0E136DEAFA34C4F3EA9F02EC72850D00001480D0BB3DEF54565EE84645D4C85CE3EE0D0000149909B64EED937C6573DE52ACE952FA6B0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000184048B7D56EBCE88525E7DE7F00D6C2D38000000000000014AFCAD71368A1F1C96B8696FC77570100
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: responder: main mode get 1st message...
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID RFC 3947 4A131C81070358455C5728F20E95452F
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID unknown (16): 4DF37928E9FC4FD1B3262170D515C662
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-08 8F8D83826D246B6FC7A8A6A428C11DE8
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-07 439B59F8BA676C4C7737AE22EAB8F582
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-06 4D1E0E136DEAFA34C4F3EA9F02EC7285
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-05 80D0BB3DEF54565EE84645D4C85CE3EE
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-04 9909B64EED937C6573DE52ACE952FA6B
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: VID DPD AFCAD71368A1F1C96B8696FC77570100
2014-06-11 11:01:20 ike 0:RAS_p1: ignoring IKE request, no policy configured
2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: negotiation failure
2014-06-11 11:01:20 ike Negotiate ISAKMP SA Error: 2014-06-11 11:01:20 ike 0:771ba37331faac64/0000000000000000:40: no SA proposal chosen
2A2014-06-11 11:01:24 ike 0: comes 80.187.101.118:500->178.25.145.208:500,ifindex=4....
2014-06-11 11:01:24 ike 0: IKEv1 exchange=Identity Protection id=771ba37331faac64/0000000000000000 len=500
2014-06-11 11:01:24 ike 0: in 771BA37331FAAC6400000000000000000110020000000000000001F40D0000E40000000100000001000000D8010100060300002401010000800B0001800C0E1080010007800E01008003000180020002800400020300002402010000800B0001800C0E1080010007800E01008003000180020001800400020300002403010000800B0001800C0E1080010007800E00808003000180020002800400020300002404010000800B0001800C0E1080010007800E00808003000180020001800400020300002005010000800B0001800C0E10800100058003000180020002800400020000002006010000800B0001800C0E10800100058003000180020001800400020D0000144A131C81070358455C5728F20E95452F0D0000144DF37928E9FC4FD1B3262170D515C6620D0000148F8D83826D246B6FC7A8A6A428C11DE80D000014439B59F8BA676C4C7737AE22EAB8F5820D0000144D1E0E136DEAFA34C4F3EA9F02EC72850D00001480D0BB3DEF54565EE84645D4C85CE3EE0D0000149909B64EED937C6573DE52ACE952FA6B0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000184048B7D56EBCE88525E7DE7F00D6C2D38000000000000014AFCAD71368A1F1C96B8696FC77570100
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: responder: main mode get 1st message...
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID RFC 3947 4A131C81070358455C5728F20E95452F
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID unknown (16): 4DF37928E9FC4FD1B3262170D515C662
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID draft-ietf-ipsec-nat-t-ike-08 8F8D83826D246B6FC7A8A6A428C11DE8
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID draft-ietf-ipsec-nat-t-ike-07 439B59F8BA676C4C7737AE22EAB8F582
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID draft-ietf-ipsec-nat-t-ike-06 4D1E0E136DEAFA34C4F3EA9F02EC7285
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID draft-ietf-ipsec-nat-t-ike-05 80D0BB3DEF54565EE84645D4C85CE3EE
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID draft-ietf-ipsec-nat-t-ike-04 9909B64EED937C6573DE52ACE952FA6B
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID draft-ietf-ipsec-nat-t-ike-03 7D9419A65310CA6F2C179D9215529D56
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: VID DPD AFCAD71368A1F1C96B8696FC77570100
2014-06-11 11:01:24 ike 0:RAS_p1: ignoring IKE request, no policy configured
2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: negotiation failure
2014-06-11 11:01:24 ike Negotiate ISAKMP SA Error: 2014-06-11 11:01:24 ike 0:771ba37331faac64/0000000000000000:41: no SA proposal chosen
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Things to look for;
PSK is correct
Client are being NAT-T ( nat-t and port 4500 )
NAT-T timeout
I would start by getting the IKE setup fix, and then the xauth for the client enable. If the clients are NOT passing and IKEv1 phase1, than everything else is mute
You error message shows the client " 80.187.101.118:500->178.25.145.208:500" is not negotiation correctly.
Also do you have main or aggressive mode enable?
http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/phase1.111.04.html
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So I will try to fix it after I' m back in a week. But in general I find it a bit frustrating that we have used some tutorials and also the wizard, but couldn' t get it to work. Maybe it' s a but in the Beta release - we will see after my return.
I will update this post with the working configuration.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You should ASAP, change your shared key now, and remove it from any future posts!
This is way too much information to be sharing on a public website! You' ve given us your public IP, your hash, your proposals...ABORT ABORT!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Keep cool. That IS just a Lab Access without Real Networks behind.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aah, good to hear!
Sorry, Security Paranoia is *STILL* not listed in APA' s DSM, so I can' t get any official treatment for it yet.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,738 -
FortiClient
1,775 -
5.2
801 -
FortiManager
736 -
5.4
639 -
FortiAnalyzer
562 -
FortiSwitch
476 -
FortiAP
474 -
FortiClient EMS
436 -
6.0
416 -
5.6
362 -
FortiMail
320 -
6.2
251 -
SSL-VPN
248 -
FortiAuthenticator v5.5
234 -
IPsec
212 -
FortiWeb
206 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
117 -
FortiAuthenticator
105 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
84 -
Customer Service
80 -
Wireless Controller
80 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
52 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
44 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
39 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiGate-VM
18 -
FortiMonitor
18 -
Traffic shaping
17 -
SSID
16 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSoar
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1732 | |
| 1106 | |
| 752 | |
| 447 | |
| 240 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.