Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jakecle67
New Contributor

Created on ‎12-02-2023 08:45 AM

IKE phase1 authentication fail as peer's certificate is not verified from forticlient logs

Hello, I'm new at this so be patient with me.

 

I'm unable to connect to my network remotely via IPsec VPN - I can connect on first PC - however unable to connect via second PC. I checked the client configuration on working PC and matched on PC that isn't connecting.

 

From my forticlient that isn't connecting via IPsec VPN

IKE phase1 authentication fail as peer's certificate is not verified

 

2/2/2023 10:52:16 AM info sslvpn date=2023-12-02 time=10:52:15 logver=1 id=96602 type=securityevent subtype=sslvpn eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="SSLVPN service started successfully" vpnstate=
12/2/2023 10:52:25 AM info system date=2023-12-02 time=10:52:24 logver=1 id=96823 type=systemevent subtype=system eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Checking for updates"
12/2/2023 10:52:32 AM info update date=2023-12-02 time=10:52:31 logver=1 id=96819 type=systemevent subtype=update eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Update was successful to the given version for the given module"
12/2/2023 10:52:32 AM info update date=2023-12-02 time=10:52:32 logver=1 id=96819 type=systemevent subtype=update eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Update was successful to the given version for the given module"
12/2/2023 10:56:00 AM info ipsecvpn date=2023-12-02 time=10:55:59 logver=1 id=96566 type=securityevent subtype=ipsecvpn eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network action=negotiate init=local mode=aggressive stage=1 dir=outbound status=success Initiator: sent 173.88.153.169 aggressive mode message #1 (OK)" vpntunnel="Home Network"
12/2/2023 10:56:00 AM info ipsecvpn date=2023-12-02 time=10:55:59 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:00 AM error ipsecvpn date=2023-12-02 time=10:55:59 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:03 AM info ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:03 AM error ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:03 AM info ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:03 AM error ipsecvpn date=2023-12-02 time=10:56:02 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:06 AM info ipsecvpn date=2023-12-02 time=10:56:05 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:06 AM error ipsecvpn date=2023-12-02 time=10:56:05 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:09 AM info ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:09 AM error ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:09 AM info ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96577 type=securityevent subtype=ipsecvpn eventtype=error level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="IKE phase1 authentication fail as peer's certificate is not verified" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:56:09 AM error ipsecvpn date=2023-12-02 time=10:56:08 logver=1 id=96567 type=securityevent subtype=ipsecvpn eventtype=error level=error uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="loc_ip=172.16.80.11 loc_port=500 rem_ip=173.88.153.169 rem_port=500 out_if=0 vpn_tunnel=Home Network status=negotiate_error init=local mode=xauth_clinet stage=1 dir=inbound status=failureInitiator: parsed 173.88.153.169 aggressive mode message #1 (ERROR)" vpntunnel="Home Network"
12/2/2023 10:56:12 AM warning ipsecvpn date=2023-12-02 time=10:56:11 logver=1 id=96561 type=securityevent subtype=ipsecvpn eventtype=error level=warning uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="No response from the peer, phase1 retransmit reaches maximum count" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 10:58:35 AM warning ipsecvpn date=2023-12-02 time=10:58:34 logver=1 id=96561 type=securityevent subtype=ipsecvpn eventtype=error level=warning uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="No response from the peer, phase1 retransmit reaches maximum count" vpntunnel="Home Network" locip=172.16.80.11 locport=500 remip=173.88.153.169 remport=500
12/2/2023 11:00:28 AM info system date=2023-12-02 time=11:00:27 logver=1 id=96823 type=systemevent subtype=system eventtype=status level=info uid=C936E3C1403F4C3B9369EFE22C3B5171 devid=FCT8000484597987 hostname=DCDDCD-VKISEE7Q pcdomain=N/A deviceip=172.16.80.11 devicemac=34-17-eb-c3-e9-f4 site=N/A fctver=7.2.0.0690 fgtserial=FCT8000484597987 emsserial=N/A os="Microsoft Windows 10 Professional Edition, 64-bit (build 19045)" user=jakec msg="Checking for updates"

 

#FortiClient

  •  

 

 

 

 

Labels:
1557
0 Kudos
4 REPLIES 4
hbac
Staff
Staff

Created on ‎12-02-2023 12:00 PM

Hi @jakecle67,

 

Are you using certificate for authentication? Are you connecting from 2 PCs at the same time using the same account? 

 

Regards, 

1542
jakecle67
New Contributor
In response to hbac

Created on ‎12-05-2023 12:48 AM

Hello. I'm not using certificates for my authentication. I'm using a username and password. I'm not connecting from 2 PCs at the same time.

1283
0 Kudos
pminarik
Staff
Staff
In response to jakecle67

Created on ‎12-05-2023 01:42 AM Edited on ‎12-05-2023 01:42 AM

Can you double-check? On the FortiGate, in its config ideally.

The logs metion XAUTH and aggressive mode, so presumably this is IKEv1. And in IKEv1, the username+password authentication done in XAUTH is precedent by PSK-, or certificate-, based authentication in phase1.

[ corrections always welcome ]
1265
0 Kudos
hbac
Staff
Staff
In response to jakecle67

Created on ‎12-05-2023 06:05 AM

@jakecle67,

 

Do you have peer ID configured on the FortiGate? Since it is working on one PC but not another, it could be a client issue. Both PCs are using the same FortiClient version? 

 

On FortiClient, you can try to reenter the PSK. If it doesn't help, try deleting and creating a new VPN connection. 

 

Regards, 

1252
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.