- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- IPSec VPN disconnected
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IPSec VPN disconnected
I have tried to set up a VPN connection between a Fortigate 90D and a Windows 10 native client. According to the logs, the negotations are correct but the connection is dropped.
This is my config:
config vpn ipsec phase1-interface edit "VPN_Windows" set type dynamic set interface "wan2" set keylife 28800 set peertype dialup set proposal aes256-md5 3des-sha1 aes192-sha1 set dhgrp 2 set usrgrp "VPN users" set psksecret ENC DJeIczJZqdMFw... next end
config vpn ipsec phase2-interface edit "VPN_Windows" set phase1name "VPN_Windows" set proposal aes256-md5 3des-sha1 aes192-sha1 set pfs disable set keepalive enable set encapsulation transport-mode set l2tp enable set keylifeseconds 3600 next end
I setup the VPN connection on Windows 10, setting the preshared key correctly.
These are some lines you may find useful in the FG log:
ike 0:70f373750b2a2064/0000000000000000:50: SA proposal chosen, matched gateway VPN_Windows
ike 0:VPN_Windows:50: PSK authentication succeeded ike 0:VPN_Windows:50: authentication OK
ike 0:VPN_Windows_0:50:VPN_Windows:26: matched phase2
And then this:
ike 0:VPN_Windows_0:50: recv IPsec SA delete, spi count 1 ike 0:VPN_Windows_0: deleting IPsec SA with SPI d6050872 ike 0:VPN_Windows_0:VPN_Windows: deleted IPsec SA with SPI d6050872, SA count: 0 ike 0:VPN_Windows_0: sending SNMP tunnel DOWN trap for VPN_Windows ike 0:VPN_Windows_0:26: del route 190.19.57.99/255.255.255.255 oif VPN_Windows_0(67) metric 15 priority 0 ike 0:VPN_Windows_0:VPN_Windows: delete
This is the complete FG log:
FGT90D3Z15006898 # ike 0: comes 190.19.57.99:500->181.165.243.118:500,ifindex=6.... ike 0: IKEv1 exchange=Identity Protection id=70f373750b2a2064/0000000000000000 len=408 ike 0: in 70F373750B2A206400000000000000000110020000000000000001980D0000D40000000100000001000000C801010005030000280101000080010007800E0100800200028004001480030001800B0001000C000400007080030000280201000080010007800E0080800200028004001380030001800B0001000C000400007080030000280301000080010007800E0100800200028004000E80030001800B0001000C000400007080030000240401000080010005800200028004000E80030001800B0001000C000400007080000000240501000080010005800200028004000280030001800B0001000C0004000070800D00001801528BBBC00696121849AB9A1C5B2A51000000010D0000181E2B516905991C7D7C96FCBFB587E461000000090D0000144A131C81070358455C5728F20E95452F0D00001490CB80913EBB696E086381B5EC427B1F0D0000144048B7D56EBCE88525E7DE7F00D6C2D30D000014FB1DE3CDF341B7EA16B7E5BE0855F1200D00001426244D38EDDB61B3172A36E3D0CFB81900000014E3A5966A76379FE707228231E5CE8652 ike 0:70f373750b2a2064/0000000000000000:50: responder: main mode get 1st message... ike 0:70f373750b2a2064/0000000000000000:50: VID unknown (20): ▒9▒▒▒▒~xj0PZ▒ ike 0:70f373750b2a2064/0000000000000000:50: VID MS NT5 ISAKMPOAKLEY 1E2B516905991C7D7C96FCBFB587E46100000009 ike 0:70f373750b2a2064/0000000000000000:50: VID RFC 3947 4A131C81070358455C5728F20E95452F ike 0:70f373750b2a2064/0000000000000000:50: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F ike 0:70f373750b2a2064/0000000000000000:50: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:70f373750b2a2064/0000000000000000:50: VID unknown (16): 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:70f373750b2a2064/0000000000000000:50: VID unknown (16): 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:70f373750b2a2064/0000000000000000:50: VID unknown (16): 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0: cache rebuild start ike 0: cache rebuild done ike 0:70f373750b2a2064/0000000000000000:50: negotiation result ike 0:70f373750b2a2064/0000000000000000:50: proposal id = 1: ike 0:70f373750b2a2064/0000000000000000:50: protocol id = ISAKMP: ike 0:70f373750b2a2064/0000000000000000:50: trans_id = KEY_IKE. ike 0:70f373750b2a2064/0000000000000000:50: encapsulation = IKE/none ike 0:70f373750b2a2064/0000000000000000:50: type=OAKLEY_ENCRYPT_ALG, val=3DES_CBC. ike 0:70f373750b2a2064/0000000000000000:50: type=OAKLEY_HASH_ALG, val=SHA. ike 0:70f373750b2a2064/0000000000000000:50: type=AUTH_METHOD, val=PRESHARED_KEY. ike 0:70f373750b2a2064/0000000000000000:50: type=OAKLEY_GROUP, val=MODP1024. ike 0:70f373750b2a2064/0000000000000000:50: ISAKMP SA lifetime=28800 ike 0:70f373750b2a2064/0000000000000000:50: SA proposal chosen, matched gateway VPN_Windows ike 0:VPN_Windows: created connection: 0x2c46298 6 181.165.243.118->190.19.57.99:500. ike 0:VPN_Windows:50: selected NAT-T version: RFC 3947 ike 0:VPN_Windows:50: cookie 70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows:50: out 70F373750B2A2064548BCD7C926FE71B0110020000000000000000BC0D00003800000001000000010000002C01010001000000240501000080010005800200028004000280030001800B0001000C0004000070800D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC775701000D0000148299031757A36082C6A621DE000504280D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:VPN_Windows:50: sent IKE msg (ident_r1send): 181.165.243.118:500->190.19.57.99:500, len=188, id=70f373750b2a2064/548bcd7c926fe71b ike 0: comes 190.19.57.99:500->181.165.243.118:500,ifindex=6.... ike 0: IKEv1 exchange=Identity Protection id=70f373750b2a2064/548bcd7c926fe71b len=260 ike 0: in 70F373750B2A2064548BCD7C926FE71B0410020000000000000001040A000084286249D3911D62F29E314C2EE88DF16EB69D8F0A974426C631A39EFE73E81C62442A358B3B0965B553B8913EC568D81177932217D103EF8AF7CB92E33C2F36EED8FB29152F49F50B1ECC3DDD57BFDB46135D47A7AB06A6DAC7E564C3EB2F62FDF12B855118D0BFAB80B9926848D040806EFB363C4D120228603729AA806A80C0140000343DEA17C088D411E683239BFF9292B07D29E50AD2CB808209DA4B08C1AD98E6E95935B4E697184B436C972F54C29A000D14000018307C717C5A82491E4C7CB4E6B1279DEC681078E30000001832EC4036DB63FB5A799D749F47899B60401FE732 ike 0:VPN_Windows:50: responder:main mode get 2nd message... ike 0:VPN_Windows:50: NAT detected: PEER ike 0:VPN_Windows:50: out 70F373750B2A2064548BCD7C926FE71B0410020000000000000000E40A000084B15BA187AA240FED3B79A9DF15E5E8E89DB48093F50363D9C03750F1873FF939CBDF101F410A344DDAD238DBEF71A754FFAC03F0B3415B4345037152491AD7448FB73FDF4F5B50CA9B68E5389C0D6E0ED6415CEEF151F7D55E91CE5802810C295F78DED7DB902EA16C0D0B3D9E1D22CFDDD7A158CBBA6AB4DBF7C12FE4508C411400001457A5C3EBA2EDD5FE8FED60ACAC1087D5140000180A1D7AD8C73F8F8364641D797F38ADC77469232B00000018307C717C5A82491E4C7CB4E6B1279DEC681078E3 ike 0:VPN_Windows:50: sent IKE msg (ident_r2send): 181.165.243.118:500->190.19.57.99:500, len=228, id=70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows:50: ISAKMP SA 70f373750b2a2064/548bcd7c926fe71b key 24:1C2FF49C6F811EBC765E527E206040CE666ABB3E19A3179B ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Identity Protection id=70f373750b2a2064/548bcd7c926fe71b len=68 ike 0: in 70F373750B2A2064548BCD7C926FE71B051002010000000000000044946BCFA0E524D8AD0862A8AC0D48BC6312D29FF10A90AE8077912DC3B5918EEA68413FC0063DECA3 ike 0:VPN_Windows:50: responder: main mode get 3rd message... ike 0:VPN_Windows:50: dec 70F373750B2A2064548BCD7C926FE71B0510020100000000000000440800000C01000000C0A8010F00000018FF75AB514738C1B1929053D95224DCFDE53F9DFB00000000 ike 0:VPN_Windows:50: peer identifier IPV4_ADDR 192.168.1.15 ike 0:VPN_Windows:50: PSK authentication succeeded ike 0:VPN_Windows:50: authentication OK ike 0:VPN_Windows:50: enc 70F373750B2A2064548BCD7C926FE71B0510020100000000000000400800000C01000000B5A5F376000000182F607F7AEB98F4729D84A29AC8B5F432EFD15F95 ike 0:VPN_Windows:50: remote port change 500 -> 4500 ike 0:VPN_Windows:50: out 70F373750B2A2064548BCD7C926FE71B051002010000000000000044E71C4ED20BA434AE7E532BE96589987F5883FFA9BE5F507A831293BC68CF2D1319DCFB040EC505E4 ike 0:VPN_Windows:50: sent IKE msg (ident_r3send): 181.165.243.118:4500->190.19.57.99:4500, len=68, id=70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows: adding new dynamic tunnel for 190.19.57.99:4500 ike 0:VPN_Windows_0: added new dynamic tunnel for 190.19.57.99:4500 ike 0:VPN_Windows_0:50: established IKE SA 70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows_0: DPD disabled, not negotiated ike 0:VPN_Windows_0:50: no pending Quick-Mode negotiations ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Quick id=70f373750b2a2064/548bcd7c926fe71b:00000001 len=436 ike 0: in 70F373750B2A2064548BCD7C926FE71B0810200100000001000001B4E3D9EED44D8B3D287080005EDF8787EAFA705FEAB967A8BD0FE2E149C1AD8CFA6334E92CB2B472F033646353E589FBD1BA0226BB71972481D8266C805260ED5F41252DB3AA417E91E37A2FCC80DD9902541B2344AD55A7A324092236DA92FDADB07485113F72CE4BEECE4D4D0FB6F73E7552FB9EE756D106FC8B1D5EFD0FD837744F668A20F721B759622EC83F348DF674C4F93DEF016C2E5148D8DF37364066C9EC432FEEC8DE76BFF34FF5CA0F6E2DC70D481547FB1AC6155AF137F63C6C9F361C1711B4F7380A1F793114AB03934CB56A7A5C2DDFF7D1520BE8B52673AAF4F6E6ECEC883E8B605BCF29EBFFB64163E154EAB914335D800178542B862E0B7824B27396AF33ABCF657C6861F3ED920DEA43B771E77A5EAECFDC458345CC287E27F36B661F13300EE8A9D5198EE9BBFE958E11238E60131452E61E79F624F24AAD019E896605EC6009766B86DBE2F978133A19C78A19B586D98E71B62D85DD006F6A00FFF8EA3C93BBD746E4C0CC09EB49654F3E18421725EFFDEFC7ED5187EA46BCE5DE932166979E2E3703B25900BDD935D520DEB9187E ike 0:VPN_Windows_0:50:26: responder received first quick-mode message ike 0:VPN_Windows_0:50: dec 70F373750B2A2064548BCD7C926FE71B0810200100000001000001B4010000185633637DE3F801975378AD00B0A1B73D69E9F7B50A00011800000001000000010200003801030401D60508720000002C010C0000800400048006010080050002800100010002000400000E1080010002000200040003D0900200003802030401D60508720000002C010C0000800400048006008080050002800100010002000400000E1080010002000200040003D0900200003403030401D605087200000028010300008004000480050002800100010002000400000E1080010002000200040003D0900200003404030401D605087200000028010200008004000480050002800100010002000400000E1080010002000200040003D0900000003405030401D605087200000028010B00008004000480050002800100010002000400000E1080010002000200040003D090050000340E2B70405FDD6B0BA1EF57A0F0851C386C6EB74D055864E7FECF8A933B4A1F1EB52765E31B21AAD56D6D3D5063BB2DAD0500000C011106A5C0A8010F1500000C011106A5B5A5F3761500000C01000000C0A8010F0000000C01000000B5A5F37600000000 ike 0:VPN_Windows_0:50:26: received NATOA-i 192.168.1.15 ike 0:VPN_Windows_0:50:26: received NATOA-r 181.165.243.118 ike 0:VPN_Windows_0:50:26: peer proposal is: peer:17:192.168.1.15-192.168.1.15:1701, me:17:181.165.243.118-181.165.243.118:1701 ike 0:VPN_Windows_0:50:VPN_Windows:26: trying ike 0:VPN_Windows_0:50:26: transport mode, override with 17:181.165.243.118-181.165.243.118:1701 -> 17:190.19.57.99-190.19.57.99:0 ike 0:VPN_Windows_0:50:VPN_Windows:26: matched phase2 ike 0:VPN_Windows_0:50:VPN_Windows:26: dynamic client ike 0:VPN_Windows_0:50:VPN_Windows:26: my proposal: ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 1: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_AES_CBC (key_len = 256) ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = ENCAPSULATION_MODE_TRANSPORT ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=MD5 ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_3DES ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = ENCAPSULATION_MODE_TRANSPORT ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_AES_CBC (key_len = 192) ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = ENCAPSULATION_MODE_TRANSPORT ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: incoming proposal: ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 1: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_AES_CBC (key_len = 256) ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: incoming proposal: ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 2: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_AES_CBC (key_len = 128) ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: incoming proposal: ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 3: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_3DES ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: negotiation result ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 3: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_3DES ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = ENCAPSULATION_MODE_TRANSPORT ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: using udp transport mode. ike 0:VPN_Windows_0:50:26: sending NATOA-i 190.19.57.99 ike 0:VPN_Windows_0:50:26: sending NATOA-r 181.165.243.118 ike 0:VPN_Windows_0:50:VPN_Windows:26: replay protection enabled ike 0:VPN_Windows_0:50:VPN_Windows:26: SA life soft seconds=3589. ike 0:VPN_Windows_0:50:VPN_Windows:26: SA life hard seconds=3600. ike 0:VPN_Windows_0:50:VPN_Windows:26: IPsec SA selectors #src=1 #dst=1 ike 0:VPN_Windows_0:50:VPN_Windows:26: src 0 7 17:181.165.243.118-181.165.243.118:1701 ike 0:VPN_Windows_0:50:VPN_Windows:26: dst 0 7 17:190.19.57.99-190.19.57.99:0 ike 0:VPN_Windows_0:50:VPN_Windows:26: add dynamic IPsec SA selectors ike 0:VPN_Windows_0:26: add route 190.19.57.99/255.255.255.255 oif VPN_Windows_0(67) metric 15 priority 0 ike 0:VPN_Windows_0:50:VPN_Windows:26: tunnel 1 of VDOM limit 0/0 ike 0:VPN_Windows_0:50:VPN_Windows:26: add IPsec SA: SPIs=57452c5a/d6050872 ike 0:VPN_Windows_0:50:VPN_Windows:26: IPsec SA dec spi 57452c5a key 24:C4EC4A717F891987DEC4BE10154F01986A8EA740164DF855 auth 20:78614E80FD34575C56C16BA6BB63BB946487B4D9 ike 0:VPN_Windows_0:50:VPN_Windows:26: IPsec SA enc spi d6050872 key 24:123C9F7E04996A0296F49BC23F1C97C8D4D269C7A953B0BC auth 20:AB709CF3448FBA2CAB4016E47EC1756488D430C5 ike 0:VPN_Windows_0:50:VPN_Windows:26: transport mode encapsulation is enabled ike 0:VPN_Windows_0:50:VPN_Windows:26: added IPsec SA: SPIs=57452c5a/d6050872 ike 0:VPN_Windows_0:50:VPN_Windows:26: sending SNMP tunnel UP trap ike 0:VPN_Windows_0:50: enc 70F373750B2A2064548BCD7C926FE71B0810200100000001000000B801000018CBDF495BA45DF1DCDDCCDFCAA9A3AB7038F741D90A0000400000000100000001000000340303040157452C5A00000028010300008004000480050002800100010002000400000E1080010002000200040003D0900500001428DD36778A4FA1B62F3F7E7DD28D39220500000C011106A5C0A8010F1500000C011106A5B5A5F3761500000C01000000BE1339630000000C01000000B5A5F376 ike 0:VPN_Windows_0:50: out 70F373750B2A2064548BCD7C926FE71B0810200100000001000000BC5D3B5782D8075E1126B2F8B3DCCA2E702841AD7B97D6B9953A267D76F13ACBF66D5056C2F45EE9C1C00A93C5B1980D42DEDD4326EB04032E4332B79F2F11C6A615289D417FD53D5E272E640A12669500F521930C9CC46ECF4FC786A287A690E228CA27EA79B509E66274D8F15AA05C0F7CA8D57A8A00C89F196225E46C07504F2D95720A4C3FBCB423EAD8C0EDF45FD8D7E3856C43875D414C064E95731DFB6F ike 0:VPN_Windows_0:50: sent IKE msg (quick_r1send): 181.165.243.118:4500->190.19.57.99:4500, len=188, id=70f373750b2a2064/548bcd7c926fe71b:00000001 ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Quick id=70f373750b2a2064/548bcd7c926fe71b:00000001 len=60 ike 0: in 70F373750B2A2064548BCD7C926FE71B08102001000000010000003C94C3FFBA35D399A37AA57A5703139CE832D2F9ED0034C9FF5E536D3CE28092B7 ike 0:VPN_Windows_0:50: dec 70F373750B2A2064548BCD7C926FE71B08102001000000010000003C000000186AD20F7D791BB71D276D3A5C0D5F761F56386D250000000000000000 ike 0:VPN_Windows_0:VPN_Windows:26: send SA_DONE SPI 0xd6050872 ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Informational id=70f373750b2a2064/548bcd7c926fe71b:73452add len=76 ike 0: in 70F373750B2A2064548BCD7C926FE71B0810050173452ADD0000004C14CDEDB4D8A5205DDB4501016E2FC78F41D1CE6F674393358992CDE97236C45FFD47517F58622B67783E1DF61A0FA584 ike 0:VPN_Windows_0:50: dec 70F373750B2A2064548BCD7C926FE71B0810050173452ADD0000004C0C0000186467258487F39F31726F195DED7A2ECB99BEDB2B000000100000000103040001D60508720000000000000000 ike 0:VPN_Windows_0:50: recv IPsec SA delete, spi count 1 ike 0:VPN_Windows_0: deleting IPsec SA with SPI d6050872 ike 0:VPN_Windows_0:VPN_Windows: deleted IPsec SA with SPI d6050872, SA count: 0 ike 0:VPN_Windows_0: sending SNMP tunnel DOWN trap for VPN_Windows ike 0:VPN_Windows_0:26: del route 190.19.57.99/255.255.255.255 oif VPN_Windows_0(67) metric 15 priority 0 ike 0:VPN_Windows_0:VPN_Windows: delete ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Informational id=70f373750b2a2064/548bcd7c926fe71b:3523d67f len=84 ike 0: in 70F373750B2A2064548BCD7C926FE71B081005013523D67F00000054678F3C5168C3FCDA35F37062098DA782E2D677D8655DE433928B790172470738882A4B51172E3E2A8204DEB94125905570B10B39777AA80A ike 0:VPN_Windows_0:50: dec 70F373750B2A2064548BCD7C926FE71B081005013523D67F000000540C000018809565EC75D4AF7BBAD4FF6B62170B43D432FB900000001C000000010110000170F373750B2A2064548BCD7C926FE71B00000000 ike 0:VPN_Windows_0:50: recv ISAKMP SA delete 70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows_0: deleting ike 0:VPN_Windows_0: flushing ike 0:VPN_Windows_0: sending SNMP tunnel DOWN trap ike 0:VPN_Windows_0: flushed ike 0:VPN_Windows_0: delete dynamic ike 0:VPN_Windows_0: reset NAT-T ike 0:VPN_Windows_0: deleted ike shrank heap by 122880 bytes
Can somebody please explain what is wrong or why is the connection suddenly dropped?
Thanks everybody
Labels:
- Labels:
-
5.4
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just a proposal:
in former times Win VPN used a combination of keylifeseconds and keylifebytes. You can activate that both are observed in the FGT. IIRC it was 2.5 MB = 25000000 bytes.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
LeandroO
Did you find any solution for this problem? I'm with the same issue since I upgraded to 5.4.
My clients are coming with UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 encapsulation and it looks Fortigate is expecting UDP_ENCAPSULATION_MODE_TRANSPORT.
Best Regards,
Luiz
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TIBarigui wrote:LeandroO
Did you find any solution for this problem? I'm with the same issue since I upgraded to 5.4.
My clients are coming with UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 encapsulation and it looks Fortigate is expecting UDP_ENCAPSULATION_MODE_TRANSPORT.
Best Regards,
Luiz
Hi, did you solve the problem? I have some issue with client's Android 5 device.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jc83419 wrote:Not yet. I opened a ticket with Fortinet but didn't have an answer yet, as usual.TIBarigui wrote:LeandroO
Did you find any solution for this problem? I'm with the same issue since I upgraded to 5.4.
My clients are coming with UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 encapsulation and it looks Fortigate is expecting UDP_ENCAPSULATION_MODE_TRANSPORT.
Best Regards,
Luiz
Hi, did you solve the problem? I have some issue with client's Android 5 device.
Related Posts
- VXLAN, Virtual Switch and MTU 63 Views
- IPSec tunnel error : no SA... 128 Views
- SD-WAN IPSec Main Backup tunnels with... 119 Views
- IPSEC Down After Changing the IP... 62 Views
- Multiple phase 2 selectors needed for... 164 Views
Labels
-
FortiGate
6,522 -
FortiClient
1,300 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiAP
333 -
FortiSwitch
332 -
FortiClient EMS
262 -
6.2
251 -
FortiMail
240 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
83 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
58 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
FortiAuthenticator
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.