Documente Academic
Documente Profesional
Documente Cultură
com/ipsec-vpn-troubleshooting/
1 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
2 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
3 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
4 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
type=DH_GROUP, val=1536.
proposal id = 1:
protocol = IKEv2:
encapsulation = IKEv2/none
type=ENCR, val=AES_CBC (key_len = 128)
type=INTEGR, val=AUTH_HMAC_SHA_96
type=PRF, val=PRF_HMAC_SHA
type=DH_GROUP, val=1536.
Dialup connection
5 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
6 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
proposal
7 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
out [encryption]
sent IKE msg (ident-i1send): 10.12.101.10:500->10.11.101.10:500, len=264, id=3db
diaike 0: comes 10.12.101.1:500->10.11.101.1:500,ifindex=26....
8 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
9 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
Keith Leroux
Yes No
10 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
LOG IN WITH
OR SIGN UP WITH DISQUS ?
The phase 1 is successful and then there is negotiation timeout and phase 2 does not go
through.. Any ideas? Both settings are same on both site to site VPN ends.
• Reply • Share ›
You could attempt to increase the Keylife value, or remove some of the unnecessary
proposals. Failing that, you'll have to contact support.fortinet.com and run some more
diagnostics. If you come to a solution that we can add to this Troubleshooting guide,
do let me know, I'd be happy to add it!
• Reply • Share ›
11 of 12 3/28/2018, 11:07 AM
IPsec VPN troubleshooting - Fortinet Cookbook http://cookbook.fortinet.com/ipsec-vpn-troubleshooting/
CONTACT | DOCUMENTATION LIBRARY | CLI PORTAL | FUSE | VIDEOS | SUPPORT | CORPORATE | LEGAL
© 2017 Fortinet
12 of 12 3/28/2018, 11:07 AM