Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
shady79
New Contributor

peer has not completed XAUTH exchange

Hi folks

 

I'm trying to configure VPN L2TP/IPSEC tunnel between Fortigate30D and RouterOS with no success.

On forti side I get something like this:

 

ike 0: comes 188.146.66.63:17338->176.107.110.244:4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=134ea6f6f04405a0/a49bbef2abfe659b:9db24f00 len=92 ike 0: in 134EA6F6F04405A0A49BBEF2ABFE659B081005019DB24F000000005CFAC44775A4AC507D0145FA6CA10DA2D6E2A7E54C1B200037098D85AB1712745EA06056E8F322A9E99BFF456C8DA8350BDE0CB7F6A460C45CA38E587EF6B68B5A ike 0:vpn2_0:8035: dec 134EA6F6F04405A0A49BBEF2ABFE659B081005019DB24F000000005C0B0000189C1CECCD78534500A9F0E756C3DF03A9789266BE000000200000000101108D28134EA6F6F04405A0A49BBEF2ABFE659B00000CCF5066D9DF24021507 ike 0:vpn2_0:8035: notify msg received: R-U-THERE ike 0:vpn2_0:8035: enc 134EA6F6F04405A0A49BBEF2ABFE659B08100501540DA035000000540B0000183C344F1DE1E97C8B7B0C366ED2CCD18873F5EA3B000000200000000101108D29134EA6F6F04405A0A49BBEF2ABFE659B00000CCF ike 0:vpn2_0:8035: out 134EA6F6F04405A0A49BBEF2ABFE659B08100501540DA0350000005CC896744CF5FB50DC59A3F4FE6A297F03ABC92432D753CA70E7EE7C9FD40456A553E91D2757E5062CDE6E6AD2F80D844462A21A9528DD7D22D413CD85F4D93664 ike 0:vpn2_0:8035: sent IKE msg (R-U-THERE-ACK): 176.107.110.244:4500->188.146.66.63:17338, len=92, id=134ea6f6f04405a0/a49bbef2abfe659b:540da035 ike 0: comes 188.146.66.63:17338->176.107.110.244:4500,ifindex=5.... ike 0: IKEv1 exchange=Quick id=134ea6f6f04405a0/a49bbef2abfe659b:c178243a len=452 ike 0: in 134EA6F6F04405A0A49BBEF2ABFE659B08102001C178243A000001C4581A1366FA8A939887AFA5FBB761E54960FDFAA7618A9DEA592FEB932946563DC577C50127C4551ACA2D9381F9C8AFB50868D1651508073AE7E0B3220C9304AE06C8FD3E585EB6A04473CA6CBCFC26E0CA6ACDAC41230709DB08B4EFEB0C37C7FBF21F0A6AF9902713AD39BB8797AC01A99B87F98893B3FEA223DA717CDD409584F74FAE9EBF205731DFDA6081F600187D0F039243A35D1C35AAEB8726E12E45C43013BD2F155FBDC4ABB1ED70EEA60C6F75EA449DDAAAF4B18F2F039DBDD4E9E871918E20C99348673B44935C7C73C4F9FB07B4B8D7A3C060409B5F4FEE784B61D0FAE73EE6F44D93A8F60AF973BCD8C919D0336910ECEAFD3A5F0376CD03727430E959679EF57591AA073814C3036FCA9A44194336D80CF35206DAD4CE86B15DF6DBD5DD62DE16908DB710614984CD53E60DCCD12B9250EA1C40A40750AE16D8A788EE04AA9DE6139840C51F641DA23D0BF93ACA770E467AA67B7CFFC7E2C276479958043D3A200B1D0AD2C357927C0EC4A3B417266ABD7E954B3D15F70BA0D3EDE6517ED877D9516DF6A5158C3EF52B703509BCE17BF7DABBF12DA6BC8D6E0B800CBE014D2699 ike 0:vpn2_0:8035: peer has not completed XAUTH exchange

 

What could be wrong on Mikrotik side?

 

Regards

Shady

1 REPLY 1
heisenberg
New Contributor III

Are the XAUTH parameter set correctly on all the ends? if yes are they necessary? Try to disable it and use psk instead

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors