- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: vpn ipsec between Fortigate 5.2.2 and pfSense
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vpn ipsec between Fortigate 5.2.2 and pfSense
Hello,
I try in every mode to come up vpn tunnel between Fortigate with 5.2.2 and pfSense, I receive error before phase 1, with message "ignoring ike request, no policy configured" but I check 100 times... every is correct on both side. This is first time I do vpn to pfSense, I have other vpn with Cisco and Watchguard without problem, then I try change pfSense with Sophos but same result, I know that both use vpn based on openswan.
Thanks
M.
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
"ignoring ike request, no policy configured" usually suggests firewall policy missing for Virtual IPSEC interface.
You might want to cross check firewall policies on Fortigate, there should be following two polices configured:
1>IPSEC virtual interface -> Internal interface (Where network for which traffic is to be send over VPN is connected)
2>Internal interface -> IPSEC virtual interface
Assuming VPN configured are in interface mode
- « Previous
-
- 1
- 2
- Next »
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also don't forget about policies on the pfsense side
pfctl -s rule | grep ike
pfctl -s rule | grep esp
Make sure you correct the phase1-cfg as suggested b4.
ken
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Everyone!!
you got enable DPD in your PfSense and disabled in your Fortigate, i bet thats why is not working!
try to change it, and let both sides with equal config.
Let us know if it helps.
Bye!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also disable "auto-negotiate enable" in IKE Phase2 in the Fortigate Side.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
thanks to yours reply, I try and come back update you.
M.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I solve, the problem is I don't set firewall rule on Fortigate, I mean from local to remote network. I think I can do after tunnel up only to flow traffic.
Thanks to all for helps
M.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FWIW
auto-negotiate enable will not keep a vpn tunnel from coming up. It actually helps with automatica tunnel setup when interesting traffic is to encrypted.
For dpd yes the pfsense uses cisco dpd in the initial contact, but that also will not keep a tunnel from coming up either. typically if they follow cisco DPD which I think they do, the side that starts the conservation and has DPD enable will send attempt DPD only if the peer accepts and sends RU-THERE-ACKs
Once again, I don't think that's a issues at this point, since his phase1 errors so no acceptable policies.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
- « Previous
-
- 1
- 2
- Next »
Related Posts
- FortiGate Rules 10 Views
- Getting Packet Drop issue on IPsec... 31 Views
- DNS Fortigate NAT 52 Views
- Fortigate behavior changes without apparent reason. 63 Views
- FortiGate diag log test question 52 Views
Labels
-
FortiGate
6,695 -
FortiClient
1,333 -
5.2
801 -
5.4
639 -
FortiManager
578 -
FortiAnalyzer
422 -
6.0
416 -
5.6
362 -
FortiSwitch
343 -
FortiAP
340 -
FortiClient EMS
272 -
FortiMail
260 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
159 -
6.4
128 -
FortiNAC
110 -
FortiGuard
106 -
FortiSIEM
92 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
79 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
67 -
4.0MR3
64 -
Wireless Controller
59 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
SD-WAN
30 -
High Availability
24 -
FortiConnect
24 -
VLAN
22 -
FortiWAN
22 -
FortiAuthenticator
21 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Interface
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
FortiDDoS
13 -
Logging
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
Authentication
8 -
SSL SSH inspection
8 -
Traffic shaping
8 -
SSO
8 -
Application control
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
Web profile
5 -
FortiTester
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Proxy policy
4 -
packet capture
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
Antivirus profile
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
Protocol option
2 -
4.0MR1
1 -
Users
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.