Hot!VPN Not Up, GUI Log indicates mismatch PSK, CLI marks OK PSK

New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/02/10 22:45:06
  • Status: offline
2019/02/10 23:19:03 (permalink)

VPN Not Up, GUI Log indicates mismatch PSK, CLI marks OK PSK

hello guys,
I'm new to Fortinet products, i wanted to ask a few question,
so i was setting up a Site-to-Site IPsec VPN between 2 Fortigate 60E(s), i'm creating this VPN connection through wizard, after i've configured the VPN, i tried to bring up the VPN from monitor -> IPsec, but the VPN is not up. When i opened the debug logs, it said that there's a "Probable Pre-shared Mismatch", after i changed it, it keeps showing th mismatch error, i've changed the PSK for 3 times, but on the third try, the GUI VPN Logs shows that there's still a "probable Pre-shared Mismatch". but when i saw from the CLI Debug Logs, it said that the Pre Shared key authentication is OK, and the SA IKE is OK too.
Can anyone help me with this problem, please? 
there's my CLI log attached 
post edited by Pahlevi29 - 2019/02/11 00:36:34
Toshi Esumi
Expert Member
  • Total Posts : 1648
  • Scores: 139
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: VPN Not Up, GUI Log indicates mismatch PSK, CLI marks OK PSK 2019/02/11 12:53:01 (permalink)
The second part of the log is showing the other side (y.y.y.y) is initiating the negotiation and this side (x.x.x.x) is accepting phase1 and phse2 selector. So problem seems to be on y.y.y.y side somehow dropping it when the phase2 acceptance packet arrived or doesn't see it. 
Then the first part is showing when x.x.x.x side is trying to initiate the tunnel but couldn't get reply from y.y.y.y side after sending phase2 selector. And eventually times out.
Do the same debugging on y.y.y.y side if you don't see any config issue on that side.
Jump to:
© 2019 APG vNext Commercial Version 5.5