Hi,
I'm trying to setup a vpn s2s between a fortigate 101f and a fortigate vm on azure, the tunnel don't want to connect, everything is ok same paramteres, but doen't work, on the on prem i receive phase 1 error but on a tunnel that is N/A, and succes on the only tunnel i have and the one i want to function. What is the phase 1 error on the N/A tunnel?
2024/10/12 16:06:53
negotiateError
progress IPsec phase 1
failure
N/A
2024/10/12 16:06:53
negotiate
Notice
progress IPsec phase 1
success
AzureFGT
2024/10/12 16:06:48
negotiate
Azure FGT is the only tunnel I have
Please share the following:
diagnose debug application ike -1
diagnose debug console timestamp enable
diagnose debug enable
FortiHome # diagnose debug application ike -1
Debug messages will be on for 30 minutes.
FortiHome # diagnose debug console timestamp enable
FortiHome # diagnose debug enable
FortiHome # 2024-10-13 18:42:53.415179 ike V=root:0:AzureFGT:12332: auto transport timeout, use tcp port 4500
2024-10-13 18:42:53.415402 ike V=root:creates tcp-transport(vd=0, vrf=0, intf=46:46, x.x.x.x:24053->172.213.242.9:4500 sock=36 refcnt=2 ph1=0x55612070d0) (2).
2024-10-13 18:42:53.416948 ike V=root:0:AzureFGT:12332: create NAT-D hash local x.x.x.x/24053 remote 172.213.242.9/4500
2024-10-13 18:42:54.010698 ike V=root:error in tcp-transport(vd=0, vrf=0, intf=0:46, x.x.x.x:4500->y.y.y.y:2421 sock=35 refcnt=1 ph1=(nil))
2024-10-13 18:42:54.010819 ike V=root:deletes tcp-transport(vd=0, vrf=0, intf=0:46, x.x.x.x:4500->y.y.y.y:2421 sock=-1 refcnt=2 ph1=(nil)) (2).
2024-10-13 18:42:54.010861 ike V=root:destorys tcp-transport(vd=0, vrf=0, intf=0:46, x.x.x.x:4500->y.y.y.y:2421 sock=-1 refcnt=0 ph1=(nil)) (1).
2024-10-13 18:42:55.014625 ike V=root:0: comes y.y.y.y:500->x.x.x.x:500,ifindex=46,vrf=0,len=632....
2024-10-13 18:42:55.014730 ike V=root:0: IKEv2 exchange=SA_INIT id=a2ce63e352fc1b22/0000000000000000 len=632
2024-10-13 18:42:55.014779 ike 0: in A2CE63E352FC1B220000000000000000212022080000000000000278220000F002000034010100050300000C0100000C800E00800300000802000005030000080300000C0300000804000005000000080400000E02000034020100050300000C0100000C800E01000300000802000005030000080300000C0300000804000005000000080400000E0200002C030100040300000C01000014800E008003000008020000050300000804000005000000080400000E0200002C040100040300000C01000014800E010003000008020000060300000804000005000000080400000E0000002C050100040300000C0100001C800E010003000008020000050300000804000005000000080400000E28000108000E0000636A55225270EAD558FC976F9D7D1462A799364E83DAF5965B5BFE5559AF96B312D9B29C5DAD8829816BDA16B5361B3D2DF30128243D19DE58D79560AED6EF9935E00F83C6057067DCB9CD6A8500729B692729DB5832BB70583E6C47707773FB314CB6EDC73C58BDD3B516F67DCD667D7370013464354C95909EF902F45BB24A57FC9817581E9FC795A90FB0202350D291ED041EB31BC9B45FED7740E87AFA47A97A0CFE35ACD1FDCA1B9819AED780801E05DB0C94C8587D4EC33DD7A54663CEA409407BEFFFA67E4EC29E147A58859B65E076ED87C285E4A06EDE2EB6658EC6B970A49442B297511229D4119DB7F668D52C0C7EBD06A91D19A0C0A5BC6865BC29000024A5815338E7C8D6460F61014E48E429F3F5C8822D91CFD20BCA9EECBF5852B52D2900001C000040048ED2CCF05924CC7F7062C4C75B06854E94C72A1C2900001C00004005B8F77050DED7E25C9D41F00A6FB1183C8E2905D4000000080000402E
2024-10-13 18:42:55.014874 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: responder received SA_INIT msg
2024-10-13 18:42:55.014926 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: received notify type NAT_DETECTION_SOURCE_IP
2024-10-13 18:42:55.014972 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: received notify type NAT_DETECTION_DESTINATION_IP
2024-10-13 18:42:55.015013 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: received notify type FRAGMENTATION_SUPPORTED
2024-10-13 18:42:55.015069 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: incoming proposal:
2024-10-13 18:42:55.015111 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: proposal id = 1:
2024-10-13 18:42:55.015142 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: protocol = IKEv2:
2024-10-13 18:42:55.015203 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: encapsulation = IKEv2/none
2024-10-13 18:42:55.015243 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=ENCR, val=AES_CBC (key_len = 128)
2024-10-13 18:42:55.015281 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:42:55.015321 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:42:55.015359 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:55.015396 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:55.015443 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: proposal id = 2:
2024-10-13 18:42:55.015479 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: protocol = IKEv2:
2024-10-13 18:42:55.015514 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: encapsulation = IKEv2/none
2024-10-13 18:42:55.015551 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=ENCR, val=AES_CBC (key_len = 256)
2024-10-13 18:42:55.015588 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:42:55.015625 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:42:55.015660 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:55.015696 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:55.015742 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: proposal id = 3:
2024-10-13 18:42:55.015778 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: protocol = IKEv2:
2024-10-13 18:42:55.015824 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: encapsulation = IKEv2/none
2024-10-13 18:42:55.015858 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=ENCR, val=AES_GCM_16 (key_len = 128)
2024-10-13 18:42:55.015890 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:42:55.015922 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:55.015954 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:55.015995 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: proposal id = 4:
2024-10-13 18:42:55.016026 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: protocol = IKEv2:
2024-10-13 18:42:55.016058 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: encapsulation = IKEv2/none
2024-10-13 18:42:55.016091 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=ENCR, val=AES_GCM_16 (key_len = 256)
2024-10-13 18:42:55.016123 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=PRF, val=PRF_HMAC_SHA2_384
2024-10-13 18:42:55.016155 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:55.016186 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:55.016227 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: proposal id = 5:
2024-10-13 18:42:55.016259 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: protocol = IKEv2:
2024-10-13 18:42:55.016290 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: encapsulation = IKEv2/none
2024-10-13 18:42:55.016323 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=ENCR, val=CHACHA20_POLY1305 (key_len = 256)
2024-10-13 18:42:55.016355 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:42:55.016387 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:55.016418 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:55.016464 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: no proposal chosen
2024-10-13 18:42:55.016626 ike V=root:Negotiate SA Error: [12803]
2024-10-13 18:42:58.017814 ike V=root:0: comes y.y.y.y:500->x.x.x.x:500,ifindex=46,vrf=0,len=632....
2024-10-13 18:42:58.017895 ike V=root:0: IKEv2 exchange=SA_INIT id=a2ce63e352fc1b22/0000000000000000 len=632
2024-10-13 18:42:58.017941 ike 0: in A2CE63E352FC1B220000000000000000212022080000000000000278220000F002000034010100050300000C0100000C800E00800300000802000005030000080300000C0300000804000005000000080400000E02000034020100050300000C0100000C800E01000300000802000005030000080300000C0300000804000005000000080400000E0200002C030100040300000C01000014800E008003000008020000050300000804000005000000080400000E0200002C040100040300000C01000014800E010003000008020000060300000804000005000000080400000E0000002C050100040300000C0100001C800E010003000008020000050300000804000005000000080400000E28000108000E0000636A55225270EAD558FC976F9D7D1462A799364E83DAF5965B5BFE5559AF96B312D9B29C5DAD8829816BDA16B5361B3D2DF30128243D19DE58D79560AED6EF9935E00F83C6057067DCB9CD6A8500729B692729DB5832BB70583E6C47707773FB314CB6EDC73C58BDD3B516F67DCD667D7370013464354C95909EF902F45BB24A57FC9817581E9FC795A90FB0202350D291ED041EB31BC9B45FED7740E87AFA47A97A0CFE35ACD1FDCA1B9819AED780801E05DB0C94C8587D4EC33DD7A54663CEA409407BEFFFA67E4EC29E147A58859B65E076ED87C285E4A06EDE2EB6658EC6B970A49442B297511229D4119DB7F668D52C0C7EBD06A91D19A0C0A5BC6865BC29000024A5815338E7C8D6460F61014E48E429F3F5C8822D91CFD20BCA9EECBF5852B52D2900001C000040048ED2CCF05924CC7F7062C4C75B06854E94C72A1C2900001C00004005B8F77050DED7E25C9D41F00A6FB1183C8E2905D4000000080000402E
2024-10-13 18:42:58.018053 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: responder received SA_INIT msg
2024-10-13 18:42:58.018099 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: received notify type NAT_DETECTION_SOURCE_IP
2024-10-13 18:42:58.018143 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: received notify type NAT_DETECTION_DESTINATION_IP
2024-10-13 18:42:58.018186 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: received notify type FRAGMENTATION_SUPPORTED
2024-10-13 18:42:58.018241 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: incoming proposal:
2024-10-13 18:42:58.018284 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: proposal id = 1:
2024-10-13 18:42:58.018317 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: protocol = IKEv2:
2024-10-13 18:42:58.018349 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: encapsulation = IKEv2/none
2024-10-13 18:42:58.018383 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=ENCR, val=AES_CBC (key_len = 128)
2024-10-13 18:42:58.018417 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:42:58.018450 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:42:58.018483 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:58.018515 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:58.018558 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: proposal id = 2:
2024-10-13 18:42:58.018590 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: protocol = IKEv2:
2024-10-13 18:42:58.018623 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: encapsulation = IKEv2/none
2024-10-13 18:42:58.018658 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=ENCR, val=AES_CBC (key_len = 256)
2024-10-13 18:42:58.018691 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:42:58.018723 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:42:58.018754 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:58.018786 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:58.018827 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: proposal id = 3:
2024-10-13 18:42:58.018858 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: protocol = IKEv2:
2024-10-13 18:42:58.018890 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: encapsulation = IKEv2/none
2024-10-13 18:42:58.018923 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=ENCR, val=AES_GCM_16 (key_len = 128)
2024-10-13 18:42:58.018955 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:42:58.018986 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:58.019020 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:58.019062 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: proposal id = 4:
2024-10-13 18:42:58.019094 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: protocol = IKEv2:
2024-10-13 18:42:58.019125 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: encapsulation = IKEv2/none
2024-10-13 18:42:58.019158 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=ENCR, val=AES_GCM_16 (key_len = 256)
2024-10-13 18:42:58.019191 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=PRF, val=PRF_HMAC_SHA2_384
2024-10-13 18:42:58.019223 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:58.019255 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:58.019295 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: proposal id = 5:
2024-10-13 18:42:58.019327 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: protocol = IKEv2:
2024-10-13 18:42:58.019359 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: encapsulation = IKEv2/none
2024-10-13 18:42:58.019395 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=ENCR, val=CHACHA20_POLY1305 (key_len = 256)
2024-10-13 18:42:58.019427 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:42:58.019460 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP2048.
2024-10-13 18:42:58.019491 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: type=DH_GROUP, val=MODP1536.
2024-10-13 18:42:58.019536 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12334: no proposal chosen
2024-10-13 18:42:58.019628 ike V=root:Negotiate SA Error: [12803]
2024-10-13 18:43:03.435236 ike :shrank heap by 106496 bytes
2024-10-13 18:43:04.015921 ike V=root:0: comes y.y.y.y:500->x.x.x.x:500,ifindex=46,vrf=0,len=632....
2024-10-13 18:43:04.015992 ike V=root:0: IKEv2 exchange=SA_INIT id=a2ce63e352fc1b22/0000000000000000 len=632
2024-10-13 18:43:04.016035 ike 0: in A2CE63E352FC1B220000000000000000212022080000000000000278220000F002000034010100050300000C0100000C800E00800300000802000005030000080300000C0300000804000005000000080400000E02000034020100050300000C0100000C800E01000300000802000005030000080300000C0300000804000005000000080400000E0200002C030100040300000C01000014800E008003000008020000050300000804000005000000080400000E0200002C040100040300000C01000014800E010003000008020000060300000804000005000000080400000E0000002C050100040300000C0100001C800E010003000008020000050300000804000005000000080400000E28000108000E0000636A55225270EAD558FC976F9D7D1462A799364E83DAF5965B5BFE5559AF96B312D9B29C5DAD8829816BDA16B5361B3D2DF30128243D19DE58D79560AED6EF9935E00F83C6057067DCB9CD6A8500729B692729DB5832BB70583E6C47707773FB314CB6EDC73C58BDD3B516F67DCD667D7370013464354C95909EF902F45BB24A57FC9817581E9FC795A90FB0202350D291ED041EB31BC9B45FED7740E87AFA47A97A0CFE35ACD1FDCA1B9819AED780801E05DB0C94C8587D4EC33DD7A54663CEA409407BEFFFA67E4EC29E147A58859B65E076ED87C285E4A06EDE2EB6658EC6B970A49442B297511229D4119DB7F668D52C0C7EBD06A91D19A0C0A5BC6865BC29000024A5815338E7C8D6460F61014E48E429F3F5C8822D91CFD20BCA9EECBF5852B52D2900001C000040048ED2CCF05924CC7F7062C4C75B06854E94C72A1C2900001C00004005B8F77050DED7E25C9D41F00A6FB1183C8E2905D4000000080000402E
2024-10-13 18:43:04.016150 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: responder received SA_INIT msg
2024-10-13 18:43:04.016196 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: received notify type NAT_DETECTION_SOURCE_IP
2024-10-13 18:43:04.016241 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: received notify type NAT_DETECTION_DESTINATION_IP
2024-10-13 18:43:04.016284 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: received notify type FRAGMENTATION_SUPPORTED
2024-10-13 18:43:04.016339 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: incoming proposal:
2024-10-13 18:43:04.016381 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: proposal id = 1:
2024-10-13 18:43:04.016414 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: protocol = IKEv2:
2024-10-13 18:43:04.016446 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: encapsulation = IKEv2/none
2024-10-13 18:43:04.016480 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=ENCR, val=AES_CBC (key_len = 128)
2024-10-13 18:43:04.016513 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:43:04.016546 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:04.016579 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:04.016611 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:04.016653 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: proposal id = 2:
2024-10-13 18:43:04.016684 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: protocol = IKEv2:
2024-10-13 18:43:04.016716 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: encapsulation = IKEv2/none
2024-10-13 18:43:04.016750 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=ENCR, val=AES_CBC (key_len = 256)
2024-10-13 18:43:04.016782 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:43:04.016814 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:04.016846 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:04.016878 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:04.016918 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: proposal id = 3:
2024-10-13 18:43:04.016950 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: protocol = IKEv2:
2024-10-13 18:43:04.016981 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: encapsulation = IKEv2/none
2024-10-13 18:43:04.017014 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=ENCR, val=AES_GCM_16 (key_len = 128)
2024-10-13 18:43:04.017046 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:04.017080 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:04.017112 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:04.017153 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: proposal id = 4:
2024-10-13 18:43:04.017185 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: protocol = IKEv2:
2024-10-13 18:43:04.017216 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: encapsulation = IKEv2/none
2024-10-13 18:43:04.017248 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=ENCR, val=AES_GCM_16 (key_len = 256)
2024-10-13 18:43:04.017281 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=PRF, val=PRF_HMAC_SHA2_384
2024-10-13 18:43:04.017312 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:04.017343 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:04.017384 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: proposal id = 5:
2024-10-13 18:43:04.017418 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: protocol = IKEv2:
2024-10-13 18:43:04.017452 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: encapsulation = IKEv2/none
2024-10-13 18:43:04.017485 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=ENCR, val=CHACHA20_POLY1305 (key_len = 256)
2024-10-13 18:43:04.017518 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:04.017550 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:04.017581 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:04.017627 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12335: no proposal chosen
2024-10-13 18:43:04.017707 ike V=root:Negotiate SA Error: [12803]
2024-10-13 18:43:08.445187 ike V=root:0:AzureFGT:12332: auto transport timeout, use tcp port 4500
2024-10-13 18:43:08.445253 ike V=root:0:AzureFGT:12332: auto transport tcp already up
2024-10-13 18:43:10.030828 ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:46, x.x.x.x:4500->y.y.y.y:4087 sock=35 refcnt=2 ph1=(nil)) (2).
2024-10-13 18:43:13.012206 ike V=root:0: comes y.y.y.y:4087->x.x.x.x:4500,ifindex=46,vrf=0,len=632....
2024-10-13 18:43:13.012277 ike V=root:0: IKEv2 exchange=SA_INIT id=a2ce63e352fc1b22/0000000000000000 len=632
2024-10-13 18:43:13.012325 ike 0: in A2CE63E352FC1B220000000000000000212022080000000000000278220000F002000034010100050300000C0100000C800E00800300000802000005030000080300000C0300000804000005000000080400000E02000034020100050300000C0100000C800E01000300000802000005030000080300000C0300000804000005000000080400000E0200002C030100040300000C01000014800E008003000008020000050300000804000005000000080400000E0200002C040100040300000C01000014800E010003000008020000060300000804000005000000080400000E0000002C050100040300000C0100001C800E010003000008020000050300000804000005000000080400000E28000108000E0000D248B4A145134C0FF05E6DBB1B41745CCBA70AA3FA9776105C6DBBE37D913281D9AFCACC183CE005B4BD3542930B8DB218551D54A7FBE9F06AF9F02044F3096182BF73CFC7D9B132459B97060096039A1EAD6A127CA2D0CEB5036CF04F00D1C3E830BD7C6B25AD00D4E9CA8412BB4A6FF527C98E2C762CD621248D31F6B59461628829504D35CFE4F4826CE340F2D3121975974547FDBD001768506570138D48764F5563F15F3912553ACF7BEC4DF2C1AE94CA6D0AFA62EB856D5B1F0F016F964B9C9D58ACD23E1F7C16181376E05E390F50A575EF50AF05D2BBB1877130AFFDEC9E3C2E09AF0E1F2608E26841C0DDADD79FD86D5ED6579269A6CE88CC5F684529000024EB4616674F2D4CBDB1B687EF33B9D10874AF79B84C5A2FF2DD857BC2369BFE822900001C00004004C30E750B1E4F51AD2AF061AD616E22FDD49ABE802900001C00004005BA6C39E0D165EBA420FBD413F88B466B78F8872F000000080000402E
2024-10-13 18:43:13.012426 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336:sa bind new tcp-transport(vd=0, vrf=0, intf=0:46, x.x.x.x:4500->y.y.y.y:4087 sock=35 refcnt=1 ph1=(nil))
2024-10-13 18:43:13.012467 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: responder received SA_INIT msg
2024-10-13 18:43:13.012506 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: received notify type NAT_DETECTION_SOURCE_IP
2024-10-13 18:43:13.012543 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: received notify type NAT_DETECTION_DESTINATION_IP
2024-10-13 18:43:13.012579 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: received notify type FRAGMENTATION_SUPPORTED
2024-10-13 18:43:13.012629 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: incoming proposal:
2024-10-13 18:43:13.012665 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: proposal id = 1:
2024-10-13 18:43:13.012692 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: protocol = IKEv2:
2024-10-13 18:43:13.012718 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: encapsulation = IKEv2/none
2024-10-13 18:43:13.012746 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=ENCR, val=AES_CBC (key_len = 128)
2024-10-13 18:43:13.012772 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:43:13.012802 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:13.012829 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:13.012856 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:13.012892 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: proposal id = 2:
2024-10-13 18:43:13.012918 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: protocol = IKEv2:
2024-10-13 18:43:13.012943 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: encapsulation = IKEv2/none
2024-10-13 18:43:13.012971 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=ENCR, val=AES_CBC (key_len = 256)
2024-10-13 18:43:13.012997 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:43:13.013023 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:13.013049 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:13.013074 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:13.013109 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: proposal id = 3:
2024-10-13 18:43:13.013135 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: protocol = IKEv2:
2024-10-13 18:43:13.013160 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: encapsulation = IKEv2/none
2024-10-13 18:43:13.013188 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=ENCR, val=AES_GCM_16 (key_len = 128)
2024-10-13 18:43:13.013214 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:13.013240 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:13.013266 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:13.013301 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: proposal id = 4:
2024-10-13 18:43:13.013326 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: protocol = IKEv2:
2024-10-13 18:43:13.013352 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: encapsulation = IKEv2/none
2024-10-13 18:43:13.013378 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=ENCR, val=AES_GCM_16 (key_len = 256)
2024-10-13 18:43:13.013405 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=PRF, val=PRF_HMAC_SHA2_384
2024-10-13 18:43:13.013430 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:13.013456 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:13.013491 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: proposal id = 5:
2024-10-13 18:43:13.013517 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: protocol = IKEv2:
2024-10-13 18:43:13.013542 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: encapsulation = IKEv2/none
2024-10-13 18:43:13.013569 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=ENCR, val=CHACHA20_POLY1305 (key_len = 256)
2024-10-13 18:43:13.013595 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:13.013621 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:13.013647 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:13.013688 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12336: no proposal chosen
2024-10-13 18:43:13.013752 ike V=root:Negotiate SA Error: [12803]
2024-10-13 18:43:13.013836 ike V=root:destorys tcp-transport(vd=0, vrf=0, intf=46:46, x.x.x.x:4500->y.y.y.y:4087 sock=35 refcnt=0 ph1=(nil)) (1).
2024-10-13 18:43:13.053164 ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:46, x.x.x.x:4500->y.y.y.y:5355 sock=35 refcnt=2 ph1=(nil)) (2).
2024-10-13 18:43:19.010534 ike V=root:0: comes y.y.y.y:5355->x.x.x.x:4500,ifindex=46,vrf=0,len=632....
2024-10-13 18:43:19.010607 ike V=root:0: IKEv2 exchange=SA_INIT id=a2ce63e352fc1b22/0000000000000000 len=632
2024-10-13 18:43:19.010655 ike 0: in A2CE63E352FC1B220000000000000000212022080000000000000278220000F002000034010100050300000C0100000C800E00800300000802000005030000080300000C0300000804000005000000080400000E02000034020100050300000C0100000C800E01000300000802000005030000080300000C0300000804000005000000080400000E0200002C030100040300000C01000014800E008003000008020000050300000804000005000000080400000E0200002C040100040300000C01000014800E010003000008020000060300000804000005000000080400000E0000002C050100040300000C0100001C800E010003000008020000050300000804000005000000080400000E28000108000E0000D248B4A145134C0FF05E6DBB1B41745CCBA70AA3FA9776105C6DBBE37D913281D9AFCACC183CE005B4BD3542930B8DB218551D54A7FBE9F06AF9F02044F3096182BF73CFC7D9B132459B97060096039A1EAD6A127CA2D0CEB5036CF04F00D1C3E830BD7C6B25AD00D4E9CA8412BB4A6FF527C98E2C762CD621248D31F6B59461628829504D35CFE4F4826CE340F2D3121975974547FDBD001768506570138D48764F5563F15F3912553ACF7BEC4DF2C1AE94CA6D0AFA62EB856D5B1F0F016F964B9C9D58ACD23E1F7C16181376E05E390F50A575EF50AF05D2BBB1877130AFFDEC9E3C2E09AF0E1F2608E26841C0DDADD79FD86D5ED6579269A6CE88CC5F684529000024EB4616674F2D4CBDB1B687EF33B9D10874AF79B84C5A2FF2DD857BC2369BFE822900001C00004004C30E750B1E4F51AD2AF061AD616E22FDD49ABE802900001C00004005BA6C39E0D165EBA420FBD413F88B466B78F8872F000000080000402E
2024-10-13 18:43:19.010759 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337:sa bind new tcp-transport(vd=0, vrf=0, intf=0:46, x.x.x.x:4500->y.y.y.y:5355 sock=35 refcnt=1 ph1=(nil))
2024-10-13 18:43:19.010800 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: responder received SA_INIT msg
2024-10-13 18:43:19.010837 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: received notify type NAT_DETECTION_SOURCE_IP
2024-10-13 18:43:19.010874 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: received notify type NAT_DETECTION_DESTINATION_IP
2024-10-13 18:43:19.010910 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: received notify type FRAGMENTATION_SUPPORTED
2024-10-13 18:43:19.010959 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: incoming proposal:
2024-10-13 18:43:19.010995 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: proposal id = 1:
2024-10-13 18:43:19.011022 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: protocol = IKEv2:
2024-10-13 18:43:19.011048 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: encapsulation = IKEv2/none
2024-10-13 18:43:19.011076 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=ENCR, val=AES_CBC (key_len = 128)
2024-10-13 18:43:19.011103 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:43:19.011130 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:19.011157 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:19.011183 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:19.011218 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: proposal id = 2:
2024-10-13 18:43:19.011244 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: protocol = IKEv2:
2024-10-13 18:43:19.011270 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: encapsulation = IKEv2/none
2024-10-13 18:43:19.011297 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=ENCR, val=AES_CBC (key_len = 256)
2024-10-13 18:43:19.011322 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-10-13 18:43:19.011348 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:19.011374 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:19.011400 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:19.011435 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: proposal id = 3:
2024-10-13 18:43:19.011461 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: protocol = IKEv2:
2024-10-13 18:43:19.011487 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: encapsulation = IKEv2/none
2024-10-13 18:43:19.011513 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=ENCR, val=AES_GCM_16 (key_len = 128)
2024-10-13 18:43:19.011540 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:19.011566 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:19.011591 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:19.011626 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: proposal id = 4:
2024-10-13 18:43:19.011652 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: protocol = IKEv2:
2024-10-13 18:43:19.011686 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: encapsulation = IKEv2/none
2024-10-13 18:43:19.011714 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=ENCR, val=AES_GCM_16 (key_len = 256)
2024-10-13 18:43:19.011741 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=PRF, val=PRF_HMAC_SHA2_384
2024-10-13 18:43:19.011767 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:19.011793 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:19.011827 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: proposal id = 5:
2024-10-13 18:43:19.011853 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: protocol = IKEv2:
2024-10-13 18:43:19.011878 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: encapsulation = IKEv2/none
2024-10-13 18:43:19.011905 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=ENCR, val=CHACHA20_POLY1305 (key_len = 256)
2024-10-13 18:43:19.011931 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=PRF, val=PRF_HMAC_SHA2_256
2024-10-13 18:43:19.011957 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP2048.
2024-10-13 18:43:19.012001 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: type=DH_GROUP, val=MODP1536.
2024-10-13 18:43:19.012042 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12337: no proposal chosen
2024-10-13 18:43:19.012116 ike V=root:Negotiate SA Error: [12803]
2024-10-13 18:43:19.012198 ike V=root:destorys tcp-transport(vd=0, vrf=0, intf=46:46, x.x.x.x:4500->y.y.y.y:5355 sock=35 refcnt=0 ph1=(nil)) (1).
2024-10-13 18:43:19.045184 ike V=root:accepts ike tcp-transport(vd=0, vrf=0, intf=0:46, x.x.x.x:4500->y.y.y.y:10937 sock=35 refcnt=2 ph1=(nil)) (2).
IKE debug log is saying...
1. receiving 5 proposals
2. none of them is matching the local config.
"2024-10-13 18:42:55.016464 ike V=root:0:a2ce63e352fc1b22/0000000000000000:12333: no proposal chosen"
Toshi
Hi, you can view below kb for the link :https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/255100/ipsec-vpn-to-azure-with-virtual-...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.