Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
iortega
New Contributor

Created on ‎12-05-2016 01:09 PM

no SA proposal chosen VPN Site to Site

Hello

 

I have two fortigate units 60D with a VPN Site to Site between them, i used the fortinet template for build the VPN. This morning the Fortigate in branch was rebooted but the VPN not.

 

This is the log 

 

FORTIGATE60D_QUERETARO # ike 0: comes 189.210.178.103:500->187.163.184.91:500,ifindex=5.... ike 0: IKEv1 exchange=Aggressive id=de9596c6ee44b64b/0000000000000000 len=656 ike 0: in DE9596C6EE44B64B0000000000000000011004000000000000000290040000FC0000000100000001000000F0010100060300002801010000800B0001000C00040001518080010007800E008080030001800200048004000E0300002802010000800B0001000C00040001518080010007800E010080030001800200048004000E0300002403010000800B0001000C0004000151808001000580030001800200048004000E0300002804010000800B0001000C00040001518080010007800E008080030001800200028004000E0300002805010000800B0001000C00040001518080010007800E010080030001800200028004000E0000002406010000800B0001000C0004000151808001000580030001800200028004000E0A0001044433A29DAA7BCF8ED59A1C5CAB7DA6E266B62A745813E69DAAF6BC43DAF2D04D6D2BA063B32DDF8703D411250D3DC152BF554ED1783263A9F560BBFDE99A4C837D0F6C963077A34FA58AEB587C5C8CB1CCFEC5BA5BDADAED6F291046FC6ACBB94B2306108B95078A7480A7CCFE30CDD239F9737D69B34A5C9EE5D7AE6CF789287192C4DC6D95D867EC67030067E909C092FA26DE825F679D1BE38A220D00A29562BDE0C7D2F73CFA40D95F843313F760BFA2041885C053B3254CCE61CA6A965D422BEB2C4236D84D7EB9F503838A4C9C8E5668B2D386133C29AF169756B8FF4981A7B6B6297846256ED8819809644E21C17BC2674A88438A732321AEBF89C913050000147C6F58D4530DFCCF6EAC095996FB75C30D00000C01000000BDD2B2670D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE000502E0 ike 0:de9596c6ee44b64b/0000000000000000:720: responder: aggressive mode get 1st message... ike 0:de9596c6ee44b64b/0000000000000000:720: VID DPD AFCAD71368A1F1C96B8696FC77570100 ike 0:de9596c6ee44b64b/0000000000000000:720: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:de9596c6ee44b64b/0000000000000000:720: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:de9596c6ee44b64b/0000000000000000:720: VID FORTIGATE 8299031757A36082C6A621DE000502E0 ike 0: IKEv1 Aggressive, comes 189.210.178.103:500->187.163.184.91 5 ike 0:QRO_LEON_AXT: sending DNS request for remote peer 189.210.176.188 ike 0:qro_le_axt: ignoring IKE request, no policy configured ike 0:de9596c6ee44b64b/0000000000000000:720: negotiation failure ike Negotiate ISAKMP SA Error: ike 0:de9596c6ee44b64b/0000000000000000:720: no SA proposal chosen ike 0: comes 189.210.178.103:500->187.163.184.91:500,ifindex=5.... ike 0: IKEv1 exchange=Aggressive id=9cdd308a29c6fe2c/0000000000000000 len=592 ike 0: in 9CDD308A29C6FE2C0000000000000000011004000000000000000250040000FC0000000100000001000000F0010100060300002802010000800B0001000C00040001518080010007800E00808003000180020004800400050300002804010000800B0001000C00040001518080010007800E01008003000180020004800400050300002406010000800B0001000C000400015180800100058003000180020004800400050300002808010000800B0001000C00040001518080010007800E0080800300018002000280040005030000280A010000800B0001000C00040001518080010007800E0100800300018002000280040005000000240C010000800B0001000C000400015180800100058003000180020002800400050A0000C40D6DA421D05D2B1CB170B732D443442531FE0CE5E32C473E0BA5D75D792BBC8A1023A014B2DAA49E3D4DBC6AB0DAA50732E56C5C71DD1B1A722FA3C6C39D84288BC134C657C1AF62A59BDEAECF6AE886101D95EBEDCA67CB7040276624420D27E76333166F4DB79FE44EA7AF3EF96AD81FAEACBF556100498FF9CFCA7687C1DCC4D421D5BD74E54461E8938D11D3BFBF6D3E7BAF462DA01D792480E4E36B75926F057CAF5F739E7D727A0872D4DF395C8815D7602BEF0DC188D5308627F95A720500001461DD04F64E8DF16E33A5A9C3CAB31A880D00000C01000000BDD2B2670D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE000502E0 ike 0:9cdd308a29c6fe2c/0000000000000000:721: responder: aggressive mode get 1st message... ike 0:9cdd308a29c6fe2c/0000000000000000:721: VID DPD AFCAD71368A1F1C96B8696FC77570100 ike 0:9cdd308a29c6fe2c/0000000000000000:721: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:9cdd308a29c6fe2c/0000000000000000:721: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:9cdd308a29c6fe2c/0000000000000000:721: VID FORTIGATE 8299031757A36082C6A621DE000502E0 ike 0: IKEv1 Aggressive, comes 189.210.178.103:500->187.163.184.91 5 ike 0:QRO_LEON_AXT: sending DNS request for remote peer 189.210.176.188 ike 0:qro_le_axt: ignoring IKE request, no policy configured ike 0:9cdd308a29c6fe2c/0000000000000000:721: negotiation failure ike Negotiate ISAKMP SA Error: ike 0:9cdd308a29c6fe2c/0000000000000000:721: no SA proposal chosen ike 0: comes 189.210.178.103:500->187.163.184.91:500,ifindex=5.... ike 0: IKEv1 exchange=Aggressive id=9cdd308a29c6fe2c/0000000000000000 len=592 ike 0: in 9CDD308A29C6FE2C0000000000000000011004000000000000000250040000FC0000000100000001000000F0010100060300002802010000800B0001000C00040001518080010007800E00808003000180020004800400050300002804010000800B0001000C00040001518080010007800E01008003000180020004800400050300002406010000800B0001000C000400015180800100058003000180020004800400050300002808010000800B0001000C00040001518080010007800E0080800300018002000280040005030000280A010000800B0001000C00040001518080010007800E0100800300018002000280040005000000240C010000800B0001000C000400015180800100058003000180020002800400050A0000C40D6DA421D05D2B1CB170B732D443442531FE0CE5E32C473E0BA5D75D792BBC8A1023A014B2DAA49E3D4DBC6AB0DAA50732E56C5C71DD1B1A722FA3C6C39D84288BC134C657C1AF62A59BDEAECF6AE886101D95EBEDCA67CB7040276624420D27E76333166F4DB79FE44EA7AF3EF96AD81FAEACBF556100498FF9CFCA7687C1DCC4D421D5BD74E54461E8938D11D3BFBF6D3E7BAF462DA01D792480E4E36B75926F057CAF5F739E7D727A0872D4DF395C8815D7602BEF0DC188D5308627F95A720500001461DD04F64E8DF16E33A5A9C3CAB31A880D00000C01000000BDD2B2670D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE000502E0 ike 0:9cdd308a29c6fe2c/0000000000000000:722: responder: aggressive mode get 1st message... ike 0:9cdd308a29c6fe2c/0000000000000000:722: VID DPD AFCAD71368A1F1C96B8696FC77570100 ike 0:9cdd308a29c6fe2c/0000000000000000:722: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:9cdd308a29c6fe2c/0000000000000000:722: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:9cdd308a29c6fe2c/0000000000000000:722: VID FORTIGATE 8299031757A36082C6A621DE000502E0 ike 0: IKEv1 Aggressive, comes 189.210.178.103:500->187.163.184.91 5 ike 0:QRO_LEON_AXT: sending DNS request for remote peer 189.210.176.188 ike 0:qro_le_axt: ignoring IKE request, no policy configured ike 0:9cdd308a29c6fe2c/0000000000000000:722: negotiation failure ike Negotiate ISAKMP SA Error: ike 0:9cdd308a29c6fe2c/0000000000000000:722: no SA proposal chosen ike 0: comes 189.210.178.103:500->187.163.184.91:500,ifindex=5.... ike 0: IKEv1 exchange=Aggressive id=9cdd308a29c6fe2c/0000000000000000 len=592 ike 0: in 9CDD308A29C6FE2C0000000000000000011004000000000000000250040000FC0000000100000001000000F0010100060300002802010000800B0001000C00040001518080010007800E00808003000180020004800400050300002804010000800B0001000C00040001518080010007800E01008003000180020004800400050300002406010000800B0001000C000400015180800100058003000180020004800400050300002808010000800B0001000C00040001518080010007800E0080800300018002000280040005030000280A010000800B0001000C00040001518080010007800E0100800300018002000280040005000000240C010000800B0001000C000400015180800100058003000180020002800400050A0000C40D6DA421D05D2B1CB170B732D443442531FE0CE5E32C473E0BA5D75D792BBC8A1023A014B2DAA49E3D4DBC6AB0DAA50732E56C5C71DD1B1A722FA3C6C39D84288BC134C657C1AF62A59BDEAECF6AE886101D95EBEDCA67CB7040276624420D27E76333166F4DB79FE44EA7AF3EF96AD81FAEACBF556100498FF9CFCA7687C1DCC4D421D5BD74E54461E8938D11D3BFBF6D3E7BAF462DA01D792480E4E36B75926F057CAF5F739E7D727A0872D4DF395C8815D7602BEF0DC188D5308627F95A720500001461DD04F64E8DF16E33A5A9C3CAB31A880D00000C01000000BDD2B2670D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE000502E0 ike 0:9cdd308a29c6fe2c/0000000000000000:723: responder: aggressive mode get 1st message... ike 0:9cdd308a29c6fe2c/0000000000000000:723: VID DPD AFCAD71368A1F1C96B8696FC77570100 ike 0:9cdd308a29c6fe2c/0000000000000000:723: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:9cdd308a29c6fe2c/0000000000000000:723: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:9cdd308a29c6fe2c/0000000000000000:723: VID FORTIGATE 8299031757A36082C6A621DE000502E0 ike 0: IKEv1 Aggressive, comes 189.210.178.103:500->187.163.184.91 5 ike 0:QRO_LEON_AXT: sending DNS request for remote peer 189.210.176.188 ike 0:qro_le_axt: ignoring IKE request, no policy configured ike 0:9cdd308a29c6fe2c/0000000000000000:723: negotiation failure ike Negotiate ISAKMP SA Error: ike 0:9cdd308a29c6fe2c/0000000000000000:723: no SA proposal chosen ike 0: comes 189.210.178.103:500->187.163.184.91:500,ifindex=5.... ike 0: IKEv1 exchange=Aggressive id=b8b330c517e43b7c/0000000000000000 len=656 ike 0: in B8B330C517E43B7C0000000000000000011004000000000000000290040000FC0000000100000001000000F0010100060300002801010000800B0001000C00040001518080010007800E008080030001800200048004000E0300002803010000800B0001000C00040001518080010007800E010080030001800200048004000E0300002405010000800B0001000C0004000151808001000580030001800200048004000E0300002807010000800B0001000C00040001518080010007800E008080030001800200028004000E0300002809010000800B0001000C00040001518080010007800E010080030001800200028004000E000000240B010000800B0001000C0004000151808001000580030001800200028004000E0A00010484E6FD8449FE086B3133E43BD82B6A0DE5FADF4F1F60317B84C0C42D6C279BDE527D91DA9653872EF04528F00282420FB67AC1EFAE65EEE4FDE5F2DCC3D6F1648A6E319F43A5870BE9AEA4B1A87906B1DC788708B4567279A7CB2DEBB5F8404097ABC790DB924EBE815E6C0219FD72783B12644A40B6D2A53B18D5B2D317B081267AEDCFD92F65424CC2F56BCAA64FB0A07E5C1C550A4744028E22B5B83821A01E83609E541BA102A98C4EA563849903E7882E8CCD456BD0C18BA95F89AE81378460824FE9406E9C47385C273BC3F5EBFD32EEF29191B0F82ECBEB8064B5423DB1DDC9B489FE03215E63E8F02FFDCA627A48C50A77DAD6F1E6D15201EB0BC7B805000014F2F7FC15BD40099A36D938D9295689440D00000C01000000BDD2B2670D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE000502E0 ike 0:b8b330c517e43b7c/0000000000000000:724: responder: aggressive mode get 1st message... ike 0:b8b330c517e43b7c/0000000000000000:724: VID DPD AFCAD71368A1F1C96B8696FC77570100 ike 0:b8b330c517e43b7c/0000000000000000:724: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:b8b330c517e43b7c/0000000000000000:724: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:b8b330c517e43b7c/0000000000000000:724: VID FORTIGATE 8299031757A36082C6A621DE000502E0 ike 0: IKEv1 Aggressive, comes 189.210.178.103:500->187.163.184.91 5 ike 0:QRO_LEON_AXT: sending DNS request for remote peer 189.210.176.188 ike 0:qro_le_axt: ignoring IKE request, no policy configured ike 0:b8b330c517e43b7c/0000000000000000:724: negotiation failure ike Negotiate ISAKMP SA Error: ike 0:b8b330c517e43b7c/0000000000000000:724: no SA proposal chosen ike 0: comes 189.210.178.103:500->187.163.184.91:500,ifindex=5.... ike 0: IKEv1 exchange=Aggressive id=b8b330c517e43b7c/0000000000000000 len=656 ike 0: in B8B330C517E43B7C0000000000000000011004000000000000000290040000FC0000000100000001000000F0010100060300002801010000800B0001000C00040001518080010007800E008080030001800200048004000E0300002803010000800B0001000C00040001518080010007800E010080030001800200048004000E0300002405010000800B0001000C0004000151808001000580030001800200048004000E0300002807010000800B0001000C00040001518080010007800E008080030001800200028004000E0300002809010000800B0001000C00040001518080010007800E010080030001800200028004000E000000240B010000800B0001000C0004000151808001000580030001800200028004000E0A00010484E6FD8449FE086B3133E43BD82B6A0DE5FADF4F1F60317B84C0C42D6C279BDE527D91DA9653872EF04528F00282420FB67AC1EFAE65EEE4FDE5F2DCC3D6F1648A6E319F43A5870BE9AEA4B1A87906B1DC788708B4567279A7CB2DEBB5F8404097ABC790DB924EBE815E6C0219FD72783B12644A40B6D2A53B18D5B2D317B081267AEDCFD92F65424CC2F56BCAA64FB0A07E5C1C550A4744028E22B5B83821A01E83609E541BA102A98C4EA563849903E7882E8CCD456BD0C18BA95F89AE81378460824FE9406E9C47385C273BC3F5EBFD32EEF29191B0F82ECBEB8064B5423DB1DDC9B489FE03215E63E8F02FFDCA627A48C50A77DAD6F1E6D15201EB0BC7B805000014F2F7FC15BD40099A36D938D9295689440D00000C01000000BDD2B2670D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE000502E0 ike 0:b8b330c517e43b7c/0000000000000000:725: responder: aggressive mode get 1st message... ike 0:b8b330c517e43b7c/0000000000000000:725: VID DPD AFCAD71368A1F1C96B8696FC77570100 ike 0:b8b330c517e43b7c/0000000000000000:725: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:b8b330c517e43b7c/0000000000000000:725: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:b8b330c517e43b7c/0000000000000000:725: VID FORTIGATE 8299031757A36082C6A621DE000502E0 ike 0: IKEv1 Aggressive, comes 189.210.178.103:500->187.163.184.91 5 ike 0:QRO_LEON_AXT: sending DNS request for remote peer 189.210.176.188 ike 0:qro_le_axt: ignoring IKE request, no policy configured ike 0:b8b330c517e43b7c/0000000000000000:725: negotiation failure ike Negotiate ISAKMP SA Error: ike 0:b8b330c517e43b7c/0000000000000000:725: no SA proposal chosen ike 0: comes 189.210.178.103:500->187.163.184.91:500,ifindex=5.... ike 0: IKEv1 exchange=Aggressive id=b8b330c517e43b7c/0000000000000000 len=656 ike 0: in B8B330C517E43B7C0000000000000000011004000000000000000290040000FC0000000100000001000000F0010100060300002801010000800B0001000C00040001518080010007800E008080030001800200048004000E0300002803010000800B0001000C00040001518080010007800E010080030001800200048004000E0300002405010000800B0001000C0004000151808001000580030001800200048004000E0300002807010000800B0001000C00040001518080010007800E008080030001800200028004000E0300002809010000800B0001000C00040001518080010007800E010080030001800200028004000E000000240B010000800B0001000C0004000151808001000580030001800200028004000E0A00010484E6FD8449FE086B3133E43BD82B6A0DE5FADF4F1F60317B84C0C42D6C279BDE527D91DA9653872EF04528F00282420FB67AC1EFAE65EEE4FDE5F2DCC3D6F1648A6E319F43A5870BE9AEA4B1A87906B1DC788708B4567279A7CB2DEBB5F8404097ABC790DB924EBE815E6C0219FD72783B12644A40B6D2A53B18D5B2D317B081267AEDCFD92F65424CC2F56BCAA64FB0A07E5C1C550A4744028E22B5B83821A01E83609E541BA102A98C4EA563849903E7882E8CCD456BD0C18BA95F89AE81378460824FE9406E9C47385C273BC3F5EBFD32EEF29191B0F82ECBEB8064B5423DB1DDC9B489FE03215E63E8F02FFDCA627A48C50A77DAD6F1E6D15201EB0BC7B805000014F2F7FC15BD40099A36D938D9295689440D00000C01000000BDD2B2670D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE000502E0 ike 0:b8b330c517e43b7c/0000000000000000:726: responder: aggressive mode get 1st message... ike 0:b8b330c517e43b7c/0000000000000000:726: VID DPD AFCAD71368A1F1C96B8696FC77570100 ike 0:b8b330c517e43b7c/0000000000000000:726: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:b8b330c517e43b7c/0000000000000000:726: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:b8b330c517e43b7c/0000000000000000:726: VID FORTIGATE 8299031757A36082C6A621DE000502E0 ike 0: IKEv1 Aggressive, comes 189.210.178.103:500->187.163.184.91 5 ike 0:QRO_LEON_AXT: sending DNS request for remote peer 189.210.176.188 ike 0:qro_le_axt: ignoring IKE request, no policy configured ike 0:b8b330c517e43b7c/0000000000000000:726: negotiation failure ike Negotiate ISAKMP SA Error: ike 0:b8b330c517e43b7c/0000000000000000:726: no SA proposal chosen

 

Any idea??

 

Thanks for your help

5192
0 Kudos
0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.