
Not applicable
Created on 03-07-2007 07:25 AM
VPN not working after firmware update
After I updated the firmware, my VPN is not working. The following is my scenario:
FGT 100A 3.0 build 0477 operation mode NAT
FGT 50A 3.0 build 0406 operation mode Transparent
VPN connecting from FGT 50A to FGT 100A
Does it need any config changes?
Which one(s) did you update, and from what release(s)?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Both FGTs were updated from factory default to 2.8 MR11, then 3.0.

Not applicable
Created on 03-07-2007 12:26 PM
Hi Sabuthomas,
Please read the release notes on MR4.
Regards, Eric

Not applicable
Created on 03-13-2007 02:46 AM
Hi,
I've been doing this too and the VPN wouldn't work; maybe you should configure it from scratch. By the way, I also got a problem with protection profiles, and they don't work either. I think it is always a problem if we upgrade from v2.8 MR11 to v3.0. I do not know why. Maybe others can give an answer?
My remote peer is getting the following error:
Negotiate SA Error: No matching gateway for new phase 1 request
My remote FGT config is as follows:
Operation Mode: NAT
Firmware Fortigate-100A 3.00,build0477,070126
My other end FGT config is as follows:
Operation Mode Transparent
Firmware Fortigate-50A 3.00,build0400
If I downgrade to 2.8 MR11 on the FGT100A, then my VPN works fine.
If anybody has had any such experience, please help me.
Just a question. Have you tried MR3 patch 6 on the 100A? I'm curious if it is an MR4 thing, or a non MR2 issue. Fortinet rewrote the IPSec section of their firmware between 2.8 and 3.0.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
I did not try MR3; the 100A is on MR4.
When I downgrade to 2.8 MR11, it works fine, even though my 50A is on 3.00 build 400.
Hi Sabuthomas,
I had the same problem when I upgraded a 50A to version 3 firmware from 2.8.
The problem I had was caused by the 50A sending out IPSEC packets using the source IP of a secondary IP address and not the primary IP of the main interface.
I verified this by using debug commands in the CLI.
diagnose debug application ike 3
diagnose debug enable
You can see the IPSEC Phase1 initial request coming into the firewall from the remote end, and the source IP was different to the one it was supposed to use.
This might not be your problem, however, and I would agree with ATA and delete the entire VPN config and start again, which will most likely work.
Cheers
Paul
NSE4
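The source-address check Paul describes can also be run offline against a captured UDP/500 datagram. This is an added example, not code from the thread or from Fortinet: it parses the IKEv1 (ISAKMP, RFC 2408) header, recognises a new phase 1 request, and compares the packet's source IP with the peer address the responder expects. The gateway name `to-branch`, the addresses and the sample packet are constructed, and matching purely on source IP is a simplified model of a responder configured with static peers.

```python
import ipaddress
import struct

# Hypothetical responder config: phase 1 gateway name -> expected peer address.
GATEWAYS = {"to-branch": "198.51.100.10"}

# ISAKMP header (RFC 2408, section 3.1): initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, length = 28 bytes.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
PHASE1_EXCHANGES = {2: "main", 4: "aggressive"}
ZERO_COOKIE = b"\x00" * 8

def parse_new_phase1(payload):
    """Return 'main' or 'aggressive' if payload opens a new IKEv1 phase 1
    negotiation, otherwise None."""
    if len(payload) < ISAKMP_HDR.size:
        return None
    icookie, rcookie, _np, version, exch, _flags, msg_id, length = \
        ISAKMP_HDR.unpack_from(payload)
    if version != 0x10 or length < ISAKMP_HDR.size:
        return None
    # A new request carries an initiator cookie only, and message ID 0.
    if icookie == ZERO_COOKIE or rcookie != ZERO_COOKIE or msg_id != 0:
        return None
    return PHASE1_EXCHANGES.get(exch)

def check_datagram(src_ip, payload, gateways=GATEWAYS):
    """Classify one captured datagram against the configured gateways."""
    mode = parse_new_phase1(payload)
    if mode is None:
        return "not a new phase 1 request"
    src = ipaddress.ip_address(src_ip)
    for name, peer in gateways.items():
        if ipaddress.ip_address(peer) == src:
            return f"{mode} mode request matches gateway {name}"
    return f"{mode} mode request from {src_ip}: no matching gateway"

def sample_request(exchange=2):
    """Constructed first packet: header only, length field = header size."""
    return ISAKMP_HDR.pack(b"\x11" * 8, ZERO_COOKIE, 1, 0x10, exchange, 0, 0, 28)

if __name__ == "__main__":
    pkt = sample_request()
    print(check_datagram("198.51.100.10", pkt))  # peer's primary address
    print(check_datagram("198.51.100.11", pkt))  # peer's secondary address
```
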
A very strange thing I found, with the following scenario:
Main Office FGT100A NAT Mode
Branch office FGT50A Transparent Mode Ver 3.00 build 400
My VPN works fine if I downgrade my main office to 2.8 MR11 without changing any VPN configuration on either end.
But when I upgrade my main office to 3.0 MR4, my VPN fails and I receive the error message "Negotiate SA Error: No matching gateway for new phase 1 request." on my main office FGT, and no error message on my branch office FGT.
