IPsec phase 1 negotiation failure

stevenp · ‎12-05-2022

Trying to figure why the IPsec phase 1 negation fails then is fixes itself after a few minutes. This is an on and off thing which has happened twice in 2 days.

Any tips to try figure the issue out

Thanks

Details:

Fortigate VM64-KVM

Version: 6.0.6

pjawalekar · ‎12-06-2022

Hi,
This issue seems to be an odd behavior related to firmware version.

As per your comments, I see that you are using 6.0.6 firmware version, which is end of support on 2022-09-29, Hence I suggest you to upgrade the firmware version to 6.2.X and above.
Regards
Pratik.

stevenp · ‎12-07-2022

I will be doing the update on this asap and see if it fixes the issue.

Thanks

seshuganesh · ‎12-06-2022

Hi,

If both ends are fortigate firewalls, execute these commands in both firewalls in both firewalls:

diag vpn ike log-filter dst-addr4 a.b.c.d (where a.b.c.d is the remote gateway ip)

diag debug application ike -1

Once you get the debug logs, please disable the debug using this command "diag debug disable"

diag debug enable

stevenp · ‎12-07-2022

unfortunately the other side isn't Fortigate. I will do a software update and see how that turns out.

IPsec phase 1 negotiation failure

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website