Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alby23
Contributor II

Created on ‎11-24-2016 07:38 AM

VPN IPsec does not come up: troubleshooting

Hi all,

I'm trying to set up a VPN IPsec with an Endian Firewall but I'm not able to.

 

This is the output of the "diagnose debug application ike -1" on the FortiGate.

 

X.Y.W.Z is the IP of the FortiGate

A.B.C.D is the IP of the Endian Firewall.

 

ike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: using existing connection ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: request is on the queue ike 0:EndianFirewall:105: out 8D3DFB1F76D01C1800000000000000000110020000000000000000A40D000034000000010000000100000028010100010000002001010000800B0001800C0E10800100058003000180020002800400050D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00051B3D ike 0:EndianFirewall:105: sent IKE msg (P1_RETRANSMIT): X.Y.W.Z:500->A.B.C.D:500, len=164, id=8d3dfb1f76d01c18/0000000000000000 ike 0: comes A.B.C.D:500->X.Y.W.Z:500,ifindex=4.... ike 0: IKEv1 exchange=Informational id=8d3dfb1f76d01c18/77de3dce2b03d154:076fb303 len=40 ike 0: in 8D3DFB1F76D01C1877DE3DCE2B03D1540B100500076FB303000000280000000C000000010100000E ike 0:EndianFirewall:105: ignoring unsupported INFORMATIONAL message 0. ike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: using existing connection ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: request is on the queue ike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: using existing connection ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: request is on the queue ike shrank heap by 126976 bytes ike 0:EndianFirewall:105: negotiation timeout, deleting ike 0:EndianFirewall: connection expiring due to phase1 down ike 0:EndianFirewall: deleting ike 0:EndianFirewall: flushing ike 0:EndianFirewall: flushed ike 0:EndianFirewall: deleted ike 0:EndianFirewall: schedule auto-negotiate ike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: created connection: 0x1e2cd90 4 X.Y.W.Z->A.B.C.D:500. ike 0:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:500 negotiating ike 0:EndianFirewall: no suitable ISAKMP SA, queuing quick-mode request and initiating ISAKMP SA negotiation ike 0:EndianFirewall:106: initiator: main mode is sending 1st message... ike 0:EndianFirewall:106: cookie 01ecc9defc80e54d/0000000000000000 ike 0:EndianFirewall:106: out 01ECC9DEFC80E54D00000000000000000110020000000000000000A40D000034000000010000000100000028010100010000002001010000800B0001800C0E10800100058003000180020002800400050D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00051B3D ike 0:EndianFirewall:106: sent IKE msg (ident_i1send): X.Y.W.Z:500->A.B.C.D:500, len=164, id=01ecc9defc80e54d/0000000000000000 ike 0: comes A.B.C.D:500->X.Y.W.Z:500,ifindex=4.... ike 0: IKEv1 exchange=Informational id=01ecc9defc80e54d/7e49c14fc5c14c18:fc64b713 len=40 ike 0: in 01ECC9DEFC80E54D7E49C14FC5C14C180B100500FC64B713000000280000000C000000010100000E ike 0:EndianFirewall:106: ignoring unsupported INFORMATIONAL message 0. didedisike 0:EndianFirewall:EndianFirewall: IPsec SA connect 4 X.Y.W.Z->A.B.C.D:0 ike 0:EndianFirewall:EndianFirewall: using existing connection ike 0:EndianFirewall:EndianFirewall: config found ike 0:EndianFirewall: request is on the queue ike 0:EndianFirewall:106: out 01ECC9DEFC80E54D00000000000000000110020000000000000000A40D000034000000010000000100000028010100010000002001010000800B0001800C0E10800100058003000180020002800400050D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00051B3D ike 0:EndianFirewall:106: sent IKE msg (P1_RETRANSMIT): X.Y.W.Z:500->A.B.C.D:500, len=164, id=01ecc9defc80e54d/0000000000000000 ike 0: comes A.B.C.D:500->X.Y.W.Z:500,ifindex=4.... ike 0: IKEv1 exchange=Informational id=01ecc9defc80e54d/d73ae856f45d83c5:da5cbed0 len=40 ike 0: in 01ECC9DEFC80E54DD73AE856F45D83C50B100500DA5CBED0000000280000000C000000010100000E ike 0:EndianFirewall:106: ignoring unsupported INFORMATIONAL message 0.

8184
0 Kudos
1 REPLY 1
ede_pfau
SuperUser
SuperUser

Created on ‎11-24-2016 09:56 AM

One of the parameters in phase1 do not match. Could you please post the phase1-interface, phase2-interface config from CLI, and what you've configured on the remote firewall?


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
1362
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.