hello, I have this problem.
Im trying to do a VPN between FGT - CheckPoint
this is my debbug text
ignoring unsupported informational message 0
any idea ?
ike 0: in 8D7060CA123E012800000000000000000B1005000764A4A6000000280000000C000000000100000E
ike 0:Bancomer:221: ignoring unsupported INFORMATIONAL message 0.
ike shrank heap by 126976 bytes
ike 0:Bancomer:221: out 8D7060CA123E012800000000000000000110020000000000000001340D000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E01008003000180020002800400020000002802010000800B0001000C00040001518080010007800E00C08003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000148299031757A36082C6A621DE00050080
ike 0:Bancomer:221: sent IKE msg (P1_RETRANSMIT): 187.x.x.x:500->148.x.x.x:500, len=308, id=8d7060ca123e0128/0000000000000000
ike 0:Bancomer:221: out 8D7060CA123E012800000000000000000110020000000000000001340D000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E01008003000180020002800400020000002802010000800B0001000C00040001518080010007800E00C08003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000148299031757A36082C6A621DE00050080
ike 0:Bancomer:221: sent IKE msg (P1_RETRANSMIT): 187.x.x.x:500->x.x.x.x:500, len=308, id=8d7060ca123e0128/0000000000000000
ike 0:Bancomer:221: negotiation timeout, deleting
ike 0:Bancomer: connection expiring due to phase1 down
ike 0:Bancomer: deleting
ike 0:Bancomer: flushing
ike 0:Bancomer: flushed
ike 0:Bancomer: deleted
ike 0:Bancomer: schedule auto-negotiate
ike 0:Bancomer: auto-negotiate connection
ike 0:Bancomer: created connection: 0xa611d58 3 187.x.x.x->148.x.x.x:500.
ike 0:Bancomer:222: initiator: main mode is sending 1st message...
ike 0:Bancomer:222: cookie 7f76d5c3f0730b2c/0000000000000000
ike 0:Bancomer:222: out 7F76D5C3F0730B2C00000000000000000110020000000000000001340D000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E01008003000180020002800400020000002802010000800B0001000C00040001518080010007800E00C08003000180020002800400020D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000148299031757A36082C6A621DE00050080
You can ignore this message.
Does the tunnel come up, and do you have traffic across it?
A full debug of the informational will show it's probably something chkp specific but yes I have to agree with Ede you can ignore this. It has nothing to do with your VPN not working if that's the case.
Ken
PCNSE
NSE
StrongSwan
the tunnel is down. and I have not traffic across it..
Did you ever find a resolution? I am having the same issue with a new tunnel.
was my presharedkey password. I changed for another more easy and thats it.
Thanks. Mine turned out to be an issue with IKE versions. My end was using v1, theirs v2.
I'm pretty much having the same issue, FGT50E to Cisco router (VPN GW, crypto maps, NOT VTI). Debug and packet capture shows PH1 negotiation traffic leaving the FGT, and we only get an IKE informational message back, nothing else, no additional proposals, nothing. I have checked, re-check, triple-checked all the parameters, and they all seem to be correct (I do not have access to the Cisco, but have gotten some show commands and config). This Cisco VPN router has been in use for years by many different customers (actual crypto config done by script), but I think this is the first attempt to connect an FGT to it.
Any suggestions would be appreciated.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.