Hello,
I hope that maybe someone can help me with this.
I have a FGT80C with Version 5.0.2 and a Forticlient 5.0.1.
I try to setup an IPSEC VPN with Certificates and can' t get this to work.
When I use a PSK the Connections comes up.
The Configuration of the Firewall:
config vpn ipsec phase1-interface
edit " Remote"
set type dynamic
set interface " wan1"
set authmethod rsa-signature
set peertype peergrp
set mode-cfg enable
set proposal 3des-sha1 aes128-sha1
set rsa-certificate " 80C"
set peergrp " Cert_User"
set ipv4-start-ip 10.254.254.1
set ipv4-end-ip 10.254.254.14
set ipv4-netmask 255.255.255.0
set dns-mode auto
set ipv4-split-include " PM_Network"
next
end
config vpn ipsec phase2-interface
edit " Remote"
set phase1name " Remote"
set proposal 3des-sha1 aes128-sha1
next
end
In the Debug I can see the following:
2013-05-14 16:28:32 ike 0: comes 92.79.191.198:500->62.72.87.100:500,ifindex=4....
2013-05-14 16:28:32 ike 0: IKEv1 exchange=Identity Protection id=d94dd2ded8ef755b/0000000000000000 len=336
2013-05-14 16:28:32 ike 0: in D94DD2DED8EF755B00000000000000000110020000000000000001500D00009C000000010000000100000090010100040300002001010000800B0001800C7080800100058003000380020001800400050300002002010000800B0001800C7080800100058003000380020002800400050300002403010000800B0001800C708080010007800E00808003000380020001800400050000002404010000800B0001800C708080010007800E00808003000380020002800400050D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E0D00001412F5F28C457168A9702D9FE274CC01000D00000C09002689DFD6B71200000014AFCAD71368A1F1C96B8696FC77570100
2013-05-14 16:28:32 ike 0: cache rebuild start
2013-05-14 16:28:32 ike 0:Remote: cached as dynamic
2013-05-14 16:28:32 ike 0: cache rebuild done
2013-05-14 16:28:32 ike 0:Remote:13: responder: main mode get 1st message...
2013-05-14 16:28:32 ike 0:Remote:13: VID RFC 3947 4A131C81070358455C5728F20E95452F
2013-05-14 16:28:32 ike 0:Remote:13: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
2013-05-14 16:28:32 ike 0:Remote:13: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
2013-05-14 16:28:32 ike 0:Remote:13: VID forticlient connect license 4C53427B6D465D1B337BB755A37A7FEF
2013-05-14 16:28:32 ike 0:Remote:13: enable FortiClient license check
2013-05-14 16:28:32 ike 0:Remote:13: VID Fortinet Endpoint Control B4F01CA951E9DA8D0BAFBBD34AD3044E
2013-05-14 16:28:32 ike 0:Remote:13: enable FortiClient endpoint compliance check, use 169.254.1.1
2013-05-14 16:28:32 ike 0:Remote:13: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0100
2013-05-14 16:28:32 ike 0:Remote:13: peer supports UNITY
2013-05-14 16:28:32 ike 0:Remote:13: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712
2013-05-14 16:28:32 ike 0:Remote:13: VID DPD AFCAD71368A1F1C96B8696FC77570100
2013-05-14 16:28:32 ike 0:Remote:13: DPD negotiated
2013-05-14 16:28:32 ike 0:Remote:13: negotiation result
2013-05-14 16:28:32 ike 0:Remote:13: proposal id = 1:
2013-05-14 16:28:32 ike 0:Remote:13: protocol id = ISAKMP:
2013-05-14 16:28:32 ike 0:Remote:13: trans_id = KEY_IKE.
2013-05-14 16:28:32 ike 0:Remote:13: encapsulation = IKE/none
2013-05-14 16:28:32 ike 0:Remote:13: type=OAKLEY_ENCRYPT_ALG, val=3DES_CBC.
2013-05-14 16:28:32 ike 0:Remote:13: type=OAKLEY_HASH_ALG, val=SHA.
2013-05-14 16:28:32 ike 0:Remote:13: type=AUTH_METHOD, val=RSA_SIG.
2013-05-14 16:28:32 ike 0:Remote:13: type=OAKLEY_GROUP, val=1536.
2013-05-14 16:28:32 ike 0:Remote:13: ISKAMP SA lifetime=28800
2013-05-14 16:28:32 ike 0:Remote:13: selected NAT-T version: RFC 3947
2013-05-14 16:28:32 ike 0:Remote:13: cookie d94dd2ded8ef755b/14db97b7eddd963a
2013-05-14 16:28:32 ike 0:Remote:13: out D94DD2DED8EF755B14DB97B7EDDD963A0110020000000000000000C80D000034000000010000000100000028010100010000002002010000800B0001800C7080800100058003000380020002800400050D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC775701000D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00050093
2013-05-14 16:28:32 ike 0:Remote:13: sent IKE msg (ident_r1send): 62.72.87.100:500->92.79.191.198:500, len=200, id=d94dd2ded8ef755b/14db97b7eddd963a
2013-05-14 16:28:32 ike 0: comes 92.79.191.198:500->62.72.87.100:500,ifindex=4....
2013-05-14 16:28:32 ike 0: IKEv1 exchange=Identity Protection id=d94dd2ded8ef755b/14db97b7eddd963a len=292
2013-05-14 16:28:32 ike 0: in D94DD2DED8EF755B14DB97B7EDDD963A0410020000000000000001240A0000C417A0D9362F40D18DE205182BD31F996DF00DBC96FF4665DC56DB4B23BAC0826C9DCFC906B961A711F6E665459E269D56C9A7BF3006F18245400345462E3ED112052D6A6B17D54E8B953541992E194916CBE9FCDC07A96ABD3BE35B451127F39ADC3C67ACD9F02795D36F95AE6906BE33D173E95F9630BE619C2C3813E1AC48CB157118AA573C07D981F179E2796D88C6D327B1FAC4D5370815E426311E68A64B991F8BA87D57452B52A82C72F72AA5B1B564CDB14BAA0EAA8CDFABE1C5C1B7EB140000149AD920430F6B1CB0A7620ADD7DB2EDFD140000180FFD90F9579191861AA21A0E48C8C604BDF12D9E000000183E27467B70CE9F1D4CA806ED0613F369C8A75B34
2013-05-14 16:28:32 ike 0:Remote:13: responder:main mode get 2nd message...
2013-05-14 16:28:32 ike 0:Remote:13: NAT detected: PEER
2013-05-14 16:28:32 ike 0:Remote:13: out D94DD2DED8EF755B14DB97B7EDDD963A0410020000000000000001290A0000C4CA74D5B61DB39365A7DDDF2D38B15391241F5AB0830C34F1FC7B1A2899348D8F2FAC85B11052B663BFA72727E98AF6086DBD1FB5A1C0539786959AD5C3210C34AA918FA982519B34C4ABE42F3557401421E96EDFE556E6F075730E7327BCF2B1A9856112142C4D268BFEE97721C78CCBD1710B26DAC625882E626F9EC41F2CB34A6B13F7736E6997C2C282C135EB1502B5225677AA7643B42B186B440F919E444F1B3B8C8AC354C8D5E87B550805AD0886C3A06BFAB17950A627D0550799A6AF07000014FA46F567D8C19066D13F5A3D438FB7061400000504140000186A351DF4C24231FD2CA57F3F37883111D6B2D0A0000000180FFD90F9579191861AA21A0E48C8C604BDF12D9E
2013-05-14 16:28:32 ike 0:Remote:13: sent IKE msg (ident_r2send): 62.72.87.100:500->92.79.191.198:500, len=297, id=d94dd2ded8ef755b/14db97b7eddd963a
2013-05-14 16:28:32 ike 0:Remote:13: ISAKMP SA d94dd2ded8ef755b/14db97b7eddd963a key 24:D333A21C48E22B3BC67997044CDE848019647292D0F5E52E
2013-05-14 16:28:32 ike 0: comes 92.79.191.198:4500->62.72.87.100:4500,ifindex=4....
2013-05-14 16:28:32 ike 0: IKEv1 exchange=Identity Protection id=d94dd2ded8ef755b/14db97b7eddd963a len=1140
2013-05-14 16:28:32 ike 0: in D94DD2DED8EF755B14DB97B7EDDD963A0510020100000000000004747E977E22D6F6E9BDE61E239F111C42A8935F9861D1A4CDE2793FC380A7549834902C5833B7364484F47CFA52EAD553FA70CD244FCAAF5CE0D97C45225A998635F9894210E9D3201166166AB4BAB4E23C6540CFFF4F4E679C57B4EF2A21622ED93E47A4548D518B17F74C00EBD203238472153E7A45CC4F0FE6454B7453F317F6640599D3ADF6842400E785B7A34D0AD1D5A72C76683AC215B01B2196D45DEA37E79007B7E2D5121CF5F8DAF4DDD817487520C67BC7F9411430B6E8228BF5D14DB99E70C707A2DEE45DF2C60BEA10F60541412CC40F7CED2480C6AE4DB81BF82FA24E0F16AAAB4395F4ABAA1FF783226AE3CCAE9E9D758299F8BCF84CF41883C7392B37CD9984CCE017243B78370B02C200AF0669803A7E7BEEF0A3F4E72D75667FC95989C575BC094F7610713201150C7822F65E6BB12438617D91C244134CE13A6C51B8E715C66420C14407598827D67141200DA7CE91BCFA81FAC9F9C06CD345519B1A01430D768E1911A34633A88AC4F9BFDB50B267079A8705B718EEB357ACDEF96139AF7C56FB90A1FD2BDD0A7AD3CE329C2763D8F61E6FF0D683DEB81BA06BC7E6245980465EDD940DD5C5EB7DDDC828B76BC78CD559B71581B8E95E126BBF1688DB594C84EC1C11393C28DF4DDF17F6089B24C8C0E5403CFAF281B6829306B9CBCBF7430EF57CE26D0E24E17036BA63E83302ECBED5CBDF6B1C2B7569E4873B7FC02AB2B8E02F0992560D7C907CF5BE662E9666B8A4E146F4E18E11BC3A84E0CB764D3471AD88A82130051EB378BCD382FD03082D6B507050947EE8B207A2250AA5FC9F042C51476A94F92B466E4850791E9AD2CBDE7F74ABB81AE276D44D50B7393ED840070CB595ED981AE05C2DF53B2164A9EA983AF8B20A839F73DD6D34CAC574265B5D76C59A33E400CEBEDCE6570C7299F5B39EBC45EDA4BA5EBEE45341BDFC8186F27A12D7F5A58EF034165DFFB1C14A03583CFBA9BE6A910A279FFD95293162292FA7B45D55F0481AA48140B507A13215EABB6D2D34E9931CC63B26161D5CD56F15713B4D3EAD45DA0EEAB88C9AE677C45FD533BACEE05ED63505F2142A24FAAD76FFC967AAF01FE0F38D8D1157C96D067ABC249E6350FE335D04B4FAD771F10F98A06FEFFAB91F22FA16D3F86994CC46FDFA117AC39DA76062D8E5F4AD5377C2C6BE723807C6F13BB9E57482E5966D11D933470326FC79B5578EC8E2649C8F9FB65915A7F97F355A23BD47DAD406C7158A710AC2ACFD1021129D7FA151309EC480D50445F9802F3C67C1579F295C0EAD5BBF4C0E157E8DF858BA32311E25FEEE741628409B87DEE2BDB7CDD358A836503D2EEB8F3180347DC52CDAE3A7771837BD15F8C6C38F0DCC201F06248AE9698C8FE792FE1A8C2CA3A2B8A560B10E4E6EB4B45630236143F7E45CC9999B36501DCCB384633E5AD77DDFBEBBDFDA6D59B0CC773DE364751E5FF6A16AE2F0B5967A949C8A7CF71EABF98D38099E928BBE523C813424B5A76EA3EAA2F878F3F8CF7D74E9EA9B7EE553CD547BB7293C108F20F3F4B1D3834BB35748C8A2AE81449548
2013-05-14 16:28:32 ike 0:Remote:13: responder: main mode get 3rd message...
2013-05-14 16:28:32 ike 0:Remote:13: dec D94DD2DED8EF755B14DB97B7EDDD963A0510020100000000000004740600009D09000000308192310B3009060355040613026465310C300A060355040813034E5257310E300C060355040713054E65757373310C300A060355040A130349544D311A3018060355040B131150726F64756B746D616E6167656D656E74310F300D060355040313064F6C69766572312A302806092A864886F70D010901161B6F2E7363686D6964686F6665724069746D2D67726F75702E636F6D09000313043082030A30820273A003020102020107300D06092A864886F70D0101050500308191310B3009060355040613026465310C300A060355040813034E5257310E300C060355040713054E65757373310C300A060355040A130349544D311A3018060355040B131150726F64756B746D616E6167656D656E74310E300C06035504030C05504D5F4341312A302806092A864886F70D010901161B6F2E7363686D6964686F6665724069746D2D67726F75702E636F6D301E170D3133303531343030303030305A170D3433303530373233353935395A308192310B3009060355040613026465310C300A060355040813034E5257310E300C060355040713054E65757373310C300A060355040A130349544D311A3018060355040B131150726F64756B746D616E6167656D656E74310F300D060355040313064F6C69766572312A302806092A864886F70D010901161B6F2E7363686D6964686F6665724069746D2D67726F75702E636F6D30819F300D06092A864886F70D010101050003818D0030818902818100E0BC986E08DBC842A7E352E71D9D4DEE9CB3600841BE484E89E9F114886467110EA92B206362A778F8BB1EC7EABAAD26260B6DA4B26217B81E814E5EE3CBB3A46E3BF3663161A20505D0AD0E5F90E66EB0E0A59784E47F562BA35E59A728B2D2CA271748566FC0725D6E6A3C821E3BC23D75FA4D4F68BAC35A856ABDE1ABD3530203010001A36F306D300C0603551D130101FF04023000301D0603551D0E04160414921C7A0179C36CB83AF65A13B7F57346E07F21D4300B0603551D0F0404030205E0301106096086480186F8420101040403020640301E06096086480186F842010D0411160F786361206365727469666963617465300D06092A864886F70D0101050500038181000A177DE369D89D7BE98AFD59C3EF7442A8C278163638C485965DDFC8452B1568B73DEC2F15513566840FF5D30A0014DAD1BBA420CC57C9EEE0074A7194DB1415D8110759F82595811F588E5AF962CD95BECCC2BAA7A8017E6A6BDA6F7B61BA9350C77BF6AB49FC1C9F8EE8B00BE498443C923569CB4A9756E2ED5EA7C30CDBF0070000848F307D6F4611100A685BF80F0372ED0D349C226D4BF2DF7D573B6AAF3F39B5DBDA92EA53C2EA9AC7C5661D4CD840ECE44EC6CB1D881AF5A517EE439B2844E9D3BF4E98A8E39ECB13C13B10110E5CC8704B7B95B2051961EA2262D003B1DAF4622D96C99BEADE536C47EAAF9CDA978986841035B5D327D04AB59EDBA46E3D31F50B000005040000001C0000000101106002D94DD2DED8EF755B14DB97B7EDDD963A868502
2013-05-14 16:28:32 ike 0:Remote:13: received notify type 24578
2013-05-14 16:28:32 ike 0:Remote:13: Validating X.509 certificate
2013-05-14 16:28:32 ike 0:Remote:13: building fnbam peer candidate list
2013-05-14 16:28:32 ike 0:Remote:13: FNBAM_GROUP_NAME candidate ' Cert_User'
2013-05-14 16:28:32 ike 0:Remote:13: certificate validation pending
2013-05-14 16:28:32 ike 0:Remote:13: fnbam reply ' Cert_User'
2013-05-14 16:28:32 ike 0:Remote:13: fnbam matched peergrp ' Cert_User'
2013-05-14 16:28:32 ike 0:Remote:13: responder: main mode get 3rd message...
2013-05-14 16:28:32 ike 0:Remote:13: dec D94DD2DED8EF755B14DB97B7EDDD963A0510020100000000000004740600009D09000000308192310B3009060355040613026465310C300A060355040813034E5257310E300C060355040713054E65757373310C300A060355040A130349544D311A3018060355040B131150726F64756B746D616E6167656D656E74310F300D060355040313064F6C69766572312A302806092A864886F70D010901161B6F2E7363686D6964686F6665724069746D2D67726F75702E636F6D09000313043082030A30820273A003020102020107300D06092A864886F70D0101050500308191310B3009060355040613026465310C300A060355040813034E5257310E300C060355040713054E65757373310C300A060355040A130349544D311A3018060355040B131150726F64756B746D616E6167656D656E74310E300C06035504030C05504D5F4341312A302806092A864886F70D010901161B6F2E7363686D6964686F6665724069746D2D67726F75702E636F6D301E170D3133303531343030303030305A170D3433303530373233353935395A308192310B3009060355040613026465310C300A060355040813034E5257310E300C060355040713054E65757373310C300A060355040A130349544D311A3018060355040B131150726F64756B746D616E6167656D656E74310F300D060355040313064F6C69766572312A302806092A864886F70D010901161B6F2E7363686D6964686F6665724069746D2D67726F75702E636F6D30819F300D06092A864886F70D010101050003818D0030818902818100E0BC986E08DBC842A7E352E71D9D4DEE9CB3600841BE484E89E9F114886467110EA92B206362A778F8BB1EC7EABAAD26260B6DA4B26217B81E814E5EE3CBB3A46E3BF3663161A20505D0AD0E5F90E66EB0E0A59784E47F562BA35E59A728B2D2CA271748566FC0725D6E6A3C821E3BC23D75FA4D4F68BAC35A856ABDE1ABD3530203010001A36F306D300C0603551D130101FF04023000301D0603551D0E04160414921C7A0179C36CB83AF65A13B7F57346E07F21D4300B0603551D0F0404030205E0301106096086480186F8420101040403020640301E06096086480186F842010D0411160F786361206365727469666963617465300D06092A864886F70D0101050500038181000A177DE369D89D7BE98AFD59C3EF7442A8C278163638C485965DDFC8452B1568B73DEC2F15513566840FF5D30A0014DAD1BBA420CC57C9EEE0074A7194DB1415D8110759F82595811F588E5AF962CD95BECCC2BAA7A8017E6A6BDA6F7B61BA9350C77BF6AB49FC1C9F8EE8B00BE498443C923569CB4A9756E2ED5EA7C30CDBF0070000848F307D6F4611100A685BF80F0372ED0D349C226D4BF2DF7D573B6AAF3F39B5DBDA92EA53C2EA9AC7C5661D4CD840ECE44EC6CB1D881AF5A517EE439B2844E9D3BF4E98A8E39ECB13C13B10110E5CC8704B7B95B2051961EA2262D003B1DAF4622D96C99BEADE536C47EAAF9CDA978986841035B5D327D04AB59EDBA46E3D31F50B000005040000001C0000000101106002D94DD2DED8EF755B14DB97B7EDDD963A868502
2013-05-14 16:28:32 ike 0:Remote:13: already have certificate (type=4)
2013-05-14 16:28:32 ike 0:Remote:13: received notify type 24578
2013-05-14 16:28:32 ike 0:Remote:13: certificate validation succeeded
2013-05-14 16:28:32 ike 0:Remote:13: signature verification succeeded
2013-05-14 16:28:32 ike 0:Remote:13: authentication OK
2013-05-14 16:28:32 ike 0:Remote:13: enc D94DD2DED8EF755B14DB97B7EDDD963A05100201000000000000044A0600009A0900000030818F310B3009060355040613026465310C300A060355040813034E5257310E300C060355040713054E65757373310C300A060355040A130349544D311A3018060355040B131150726F64756B746D616E6167656D656E74310C300A06035504031303383043312A302806092A864886F70D010901161B6F2E7363686D6964686F6665724069746D2D67726F75702E636F6D09000310043082030730820270A003020102020103300D06092A864886F70D0101050500308191310B3009060355040613026465310C300A060355040813034E5257310E300C060355040713054E65757373310C300A060355040A130349544D311A3018060355040B131150726F64756B746D616E6167656D656E74310E300C06035504030C05504D5F4341312A302806092A864886F70D010901161B6F2E7363686D6964686F6665724069746D2D67726F75702E636F6D301E170D3133303531343030303030305A170D3433303530373233353935395A30818F310B3009060355040613026465310C300A060355040813034E5257310E300C060355040713054E65757373310C300A060355040A130349544D311A3018060355040B131150726F64756B746D616E6167656D656E74310C300A06035504031303383043312A302806092A864886F70D010901161B6F2E7363686D6964686F6665724069746D2D67726F75702E636F6D30819F300D06092A864886F70D010101050003818D0030818902818100C351AC1400BDAF1D52D1728B740CD4E0AD0F42E2755CD059A90CBAA81DC581F9BFC173AFB37EC60C38ABFD2A70186E022FA8CB09C15CFD3790B23732A64CC5DF84CA008F8C43E726DB510B16261B2B1BF22DE0C51C5384692ECF0B32BF87A6A4494DA7B56C48AB4B5A6AC8CBB7CA08E397FB244374DC5C29B5298CF61A898BAF0203010001A36F306D300C0603551D130101FF04023000301D0603551D0E04160414782FB374656A74ADD5C62602968D183BB0A3BE4B300B0603551D0F0404030205E0301106096086480186F8420101040403020640301E06096086480186F842010D0411160F786361206365727469666963617465300D06092A864886F70D0101050500038181006DD019C6865AB5E05C81ACDCCB30EFCED6C49A551C8A62783A24F4DA09FF19AF03581A80A8BB450F1EDC1C6E4E81857C548E71D5F672B24FFD730FC837819E50E6929BDB6BAB90ABC29C3CE2AE447EFD90C9522239B2E90142849B06A245158F928737527F54464C769F42E74F0185E04F57C7D8DDCEF1E9C175C2D5E9BEF32E000000841ABDA8D5FC16B060CFDAF2CDD3D8BC0A124793FD9295845AD7974FBCEA58A2F8CE74D81FBCDE3F189687970720728FD802BA6DFC706590A1AA89A020EB6C2FA15228F50CFAF7163ACFDFAE59275E489F1EAB1B46A202717D65D068F9D4E3636DC5D5F0CD4212C652EDB9E3C8A4ECB6046DEB62AF0ED5491B303CCF8A15057623
2013-05-14 16:28:32 ike 0:Remote:13: port change 500 -> 4500
2013-05-14 16:28:32 ike 0:Remote:13: out D94DD2DED8EF755B14DB97B7EDDD963A05100201000000000000044C8363AE7A96A816C055884C24A6AD2D21112581C32949AE0DD5DD9C06E11B4B3EA2338937F42BD93E6BDA905AEB215A57CE66F4AF15334D7BAC1E5B2691EDA6A7AA1F17FCE2D6D54D9E3338A761DE7D250AC078FD31CB2BB5CEC2B74FBC56870BF0AB28A10E2D3C79343AD2842CBDA7C08D6AC9AC486F42A3A2505067447FFF048504F5B15DED5A19DB5561349F9D9EFCE84954A18C7AF1A24D739EAC389113C82E0D047A4061857E5B118769368DAFE01CB2CA9FB0242F0131454D163A184BA6206DADE2C617510055F77C6B404B93C2B597FEC960DE7E998F458F7A0B9E93AB6953030F2AC2A814D5A502F1D7A5CBAD92AAC91B8CDD7BA223FCFA767B5DD93DA95A047464EB0D1A8C3970812382D9FDAB03CA8B3308FFE415D995328E50AADCAA8FEF1228A907297BDA5C41C651D2B195D2DD523B486500D95BF9B1CA29FC1D4AD1344BA3DC6B2EEDAE47D610F2D179BEF9D13967D0A86C817503CFF74D583FBBC238C99AE1C4F1D738F253C120EDE834065190BFEB27918C0602C81399852E4A33C1FF6B9805333FCB914565354817CBC5D29B4E4A54003768168022B20C36AD96782BD432EB4AF85C4BF1EBC983F981EB6DBAD55E9AE8523C58AE02F4A93FDCF725F483335229D5083EDAF9423105AC6476D0F4E822EC9ADB5FE3C4DFB66AD437D50C1913AD3EE784596CF8CDA98C8E298D4F104A0B8B133082A1CAA47576D3D37BD5E81073007A90BDB77D35423D9722E794F5F422CA83E374289EC8E6DA26EC95F4F644E4653AC764F3C15556EBAB4381B73A4144A51E4242481C6EE1DC6A33228B4C1C92E0389DE17C52B1D17B11968FD198E5B3D3F271D7E8401B1F594FCFE11E8CA45CACDCE32A29E3D1422296A246738F515D86AB1717FC3EE70D2BFCF93C05943A65316283F84C4CFD63BFA60D8F43B6C0CB80A0D5F86762287662EAC452571725C45695A220E7CD0228ADACA93F80BEABAC440551B81A636A70239009FED6B634E74F7EBB3F40596BCDEFC2EB32B5CE8B42ACF31C194F85B2F12FA542F9050E56EF2E71EDFC6B17D08DE3B1CCE1F837DA10B55D9256BED72A2ED2FBDB0913D601F3102076E5BF8ADFE059DBA7A2C3A2F448E193207645FD4549D10299B426B3B3B62395D5DC3A7E3C43089884C7ACF104CD46F98E78A6309E5F25ABCEB58C8909DD8E1367716440543C6E9E4CAA1ACB5A898ED50CBD74C7D75B8298DEDB0D51DE65B5BAE9275425C1A4C1053DE78A16E495F1033090EAE6F20887066843A68A168769911E6B5DEEB9C07AEE75D4CACF6A3C61FA1B6F513E610A0290B8603D94EB960BB4E644FE9CCDB60DA072CEEBD0375CECCBB0AAE8158A0A892BC2917DD0B0B48C1C5D97C89208FC4057B2A8BFD9E5C1466C4906307E672AD64720030860780F263C3D2E5967AB5358EE84A1A07D5519A29CEF600EB19F283FA364B8570E638E47A9C033E0704E6EEF1EBD7BC40E85E5F0104ADB5EB890BE775496BB141AAB9BBE38AC1C36CEB80312
2013-05-14 16:28:32 ike 0:Remote:13: sent IKE msg (ident_r3send): 62.72.87.100:4500->92.79.191.198:4500, len=1100, id=d94dd2ded8ef755b/14db97b7eddd963a
2013-05-14 16:28:32 ike 0:Remote:13: established IKE SA d94dd2ded8ef755b/14db97b7eddd963a
2013-05-14 16:28:32 ike 0:Remote: adding new dynamic tunnel for 92.79.191.198:4500
2013-05-14 16:28:32 ike 0:Remote_0: added new dynamic tunnel for 92.79.191.198:4500
2013-05-14 16:28:32 ike 0:Remote_0: add connected route 169.254.1.1 -> 169.254.1.1
2013-05-14 16:28:32 ike 0:Remote_0: add connected route 36.169.254.1 -> 1.169.254.1 failed 1
2013-05-14 16:28:32 ike 0:Remote_0:13: processing INITIAL-CONTACT
2013-05-14 16:28:32 ike 0:Remote_0: flushing
2013-05-14 16:28:32 ike 0:Remote_0: flushed
2013-05-14 16:28:32 ike 0:Remote_0:13: processed INITIAL-CONTACT
2013-05-14 16:28:32 ike 0:Remote_0:13: no pending Quick-Mode negotiations
2013-05-14 16:28:32 ike 0: comes 92.79.191.198:4500->62.72.87.100:4500,ifindex=4....
2013-05-14 16:28:32 ike 0: IKEv1 exchange=Informational id=d94dd2ded8ef755b/14db97b7eddd963a:c512b06d len=68
2013-05-14 16:28:32 ike 0: in D94DD2DED8EF755B14DB97B7EDDD963A08100501C512B06D000000443B17D690C88A785539788D68443CA0DA62E391BB81517C424F4AE3C63F25514FFC3811C6474D31D6
2013-05-14 16:28:32 ike 0:Remote_0:13: dec D94DD2DED8EF755B14DB97B7EDDD963A08100501C512B06D00000044F4F78AB517052D66E513928460EE55302E43A158668850130000000C0000000101000016B3CDCF03
2013-05-14 16:28:34 ike shrank heap by 114688 bytes
2013-05-14 16:28:35 ike 0: comes 92.79.191.198:4500->62.72.87.100:4500,ifindex=4....
2013-05-14 16:28:37 ike 0:Remote_0: link is idle 4 62.72.87.100->92.79.191.198:4500 dpd=1 seqno=1
2013-05-14 16:28:37 ike 0:Remote_0:13: send IKEv1 DPD probe, seqno 1
2013-05-14 16:28:37 ike 0:Remote_0:13: enc D94DD2DED8EF755B14DB97B7EDDD963A08100501F4BDEADC000000540B0000183831885B4F59607E40DEA891697F7A0ED69EEB0F000000200000000101108D28D94DD2DED8EF755B14DB97B7EDDD963A00000001
2013-05-14 16:28:37 ike 0:Remote_0:13: out D94DD2DED8EF755B14DB97B7EDDD963A08100501F4BDEADC0000005CD6199573F03A4DC00A108E3B710EDFF99081711178A3F8BFC715E9D3FC268AAEBEC68A1872A3A6807476E18B96D0A694C23D166DBD04DB9F8DFBF898D8E4C0D8
2013-05-14 16:28:37 ike 0:Remote_0:13: sent IKE msg (R-U-THERE): 62.72.87.100:4500->92.79.191.198:4500, len=92, id=d94dd2ded8ef755b/14db97b7eddd963a:f4bdeadc
2013-05-14 16:28:38 ike 0: comes 92.79.191.198:4500->62.72.87.100:4500,ifindex=4....
2013-05-14 16:28:41 ike 0: comes 92.79.191.198:4500->62.72.87.100:4500,ifindex=4....
2013-05-14 16:28:42 ike 0:Remote_0: link is idle 4 62.72.87.100->92.79.191.198:4500 dpd=1 seqno=1
2013-05-14 16:28:42 ike 0:Remote_0:13: send IKEv1 DPD probe, seqno 1
2013-05-14 16:28:42 ike 0:Remote_0:13: enc D94DD2DED8EF755B14DB97B7EDDD963A08100501EE452BEF000000540B000018393630C81F4B4DA5E087BF2BC9A48E326986717A000000200000000101108D28D94DD2DED8EF755B14DB97B7EDDD963A00000001
2013-05-14 16:28:42 ike 0:Remote_0:13: out D94DD2DED8EF755B14DB97B7EDDD963A08100501EE452BEF0000005C6E68EFC2A83021B1F49783E78C89232FCEEEE056984775A6833FE2000E86FD7D442A212647299FF9CC718A3619E95650319FF232D4BE645941CF5FBFF91FD56B
2013-05-14 16:28:42 ike 0:Remote_0:13: sent IKE msg (R-U-THERE): 62.72.87.100:4500->92.79.191.198:4500, len=92, id=d94dd2ded8ef755b/14db97b7eddd963a:ee452bef
2013-05-14 16:28:47 ike 0:Remote_0: link is idle 4 62.72.87.100->92.79.191.198:4500 dpd=1 seqno=1
2013-05-14 16:28:47 ike 0:Remote_0:13: send IKEv1 DPD probe, seqno 1
2013-05-14 16:28:47 ike 0:Remote_0:13: enc D94DD2DED8EF755B14DB97B7EDDD963A081005014079F279000000540B000018E2EB2B9A157978F28D4A7599BA0997DAF1688C09000000200000000101108D28D94DD2DED8EF755B14DB97B7EDDD963A00000001
2013-05-14 16:28:47 ike 0:Remote_0:13: out D94DD2DED8EF755B14DB97B7EDDD963A081005014079F2790000005CA506E34398C8611EB58F770721C496E954EED3CC47224EE911381D0E8287D74E67DB07AE66226E55B08C59580826B7138054060497D2E4517ED7066B1D8457CB
2013-05-14 16:28:47 ike 0:Remote_0:13: sent IKE msg (R-U-THERE): 62.72.87.100:4500->92.79.191.198:4500, len=92, id=d94dd2ded8ef755b/14db97b7eddd963a:4079f279
2013-05-14 16:28:52 ike 0:Remote_0: link fail 4 62.72.87.100->92.79.191.198:4500 dpd=1
2013-05-14 16:28:52 ike 0:Remote_0: link down 4 62.72.87.100->92.79.191.198:4500
2013-05-14 16:28:52 ike 0:Remote_0: deleting
2013-05-14 16:28:52 ike 0:Remote_0: flushing
2013-05-14 16:28:52 ike 0:Remote_0: sending SNMP tunnel DOWN trap
2013-05-14 16:28:52 ike 0:Remote_0: flushed
As you can see the Certificates are accepted.
I can' t see why this does not go any further.
In the PSK Log it looks also the same, except that it start after the " no pending Quick-Mode negotiations" the Setup for the config-mode.
Does anyone have a hint for me? Or a Link for a PDF from Fortinet which describes such a Setup.
By the Way does anyone know if the Forticlient will be changed in the Future so that you can configured it without the VPNEditor?
Best Regards
Oliver