
IPSEC between RV042 + Fortigate 60

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by ichyto, Jul 18, 2007.

  1. ichyto

    ichyto LI Guru Member

    Hey guys

    Just trying to set up an IPsec connection between an RV042 and a Fortigate 60. It appears as though phase 1 completes successfully, though it errors at phase 2. Here is a copy of the log from the RV042, though I cannot retrieve the one from the Fortigate.

    Jul 18 17:57:26 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Aggressive Mode 1st packet
    Jul 18 17:57:26 2007 VPN Log initiating Aggressive Mode #201, connection "ips0"
    Jul 18 17:57:26 2007 VPN Log STATE_AGGR_I1: initiate
    Jul 18 17:57:26 2007 VPN Log Informational Exchange is for an unknown (expired?) SA
    Jul 18 17:57:27 2007 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
    Jul 18 17:57:27 2007 VPN Log Ignoring Vendor ID payload [afca071368a1f1c9...]
    Jul 18 17:57:27 2007 VPN Log Ignoring Vendor ID payload [5062b335bc20db32...]
    Jul 18 17:57:27 2007 VPN Log Ignoring Vendor ID payload [1d6e178f6c2c0be2...]
    Jul 18 17:57:27 2007 VPN Log Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
    Jul 18 17:57:27 2007 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Aggressive Mode 2nd packet
    Jul 18 17:57:27 2007 VPN Log Aggressive mode peer ID is ID_IPV4_ADDR: '150.101.XXX.XXX'
    Jul 18 17:57:27 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator send Aggressive Mode 3rd packet
    Jul 18 17:57:27 2007 VPN Log [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
    Jul 18 17:57:27 2007 VPN Log [Tunnel Negotiation Info] Initiator Cookies = 4347 30c6 157 98bc
    Jul 18 17:57:27 2007 VPN Log [Tunnel Negotiation Info] Responder Cookies = 6b18 8311 9853 a39b
    Jul 18 17:57:27 2007 VPN Log initiating Quick Mode PSK+TUNNEL+PFS+AGGRESSIVE+NAT-T
    Jul 18 17:57:27 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
    Jul 18 17:57:27 2007 VPN Log Received informational payload, type INVALID_ID_INFORMATION



    Thanks guys

    Stuart
     
  2. TazUk

    TazUk Network Guru Member

    Can you post back the configs of both ends?
     
  3. ifican

    ifican Network Guru Member

    Make sure NAT-T is configured on both ends and make sure the tunnel identifier is the same on both ends. Other than that, it's hard to say unless we have the configs to look at.
     
  4. ichyto

    ichyto LI Guru Member

    Hey guys,
    It appears ifican was on the right path. I didn't have the correct routable subnet on the Fortigate 60, and that's why it was erroring on Phase 2.

    Thanks

    -Stuart
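
The failure resolved in the post above, as an added example (not code from the posters or from either vendor): Python that spots a phase 2 INVALID_ID_INFORMATION rejection in RV042 log lines and checks whether the two ends' phase 2 subnets mirror each other. The function names and the RFC 1918 subnets are assumptions made for illustration; the log lines are copied from the first post.

```python
import ipaddress
import re

# Sample input: the relevant lines of the RV042 log quoted in the first post.
SAMPLE_LOG = """\
Jul 18 17:57:27 2007 VPN Log [Tunnel Negotiation Info] Aggressive Mode Phase 1 SA Established
Jul 18 17:57:27 2007 VPN Log initiating Quick Mode PSK+TUNNEL+PFS+AGGRESSIVE+NAT-T
Jul 18 17:57:27 2007 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
Jul 18 17:57:27 2007 VPN Log Received informational payload, type INVALID_ID_INFORMATION
"""

NOTIFY = re.compile(r"Received informational payload, type (\w+)")

def triage(log_text):
    """Return (phase1_up, quick_mode_sent, notify_type) for an RV042 VPN log."""
    phase1 = quick = False
    notify = None
    for line in log_text.splitlines():
        if "Phase 1 SA Established" in line:
            phase1 = True
        elif "Initiator send Quick Mode 1st packet" in line:
            quick = True
        elif quick and (m := NOTIFY.search(line)):
            notify = m.group(1)  # only notifies seen after Quick Mode started
    return phase1, quick, notify

def selectors_mirror(a_local, a_remote, b_local, b_remote):
    """True when each peer's local subnet equals the other peer's remote subnet."""
    # ip_network() accepts /24 and /255.255.255.0 alike and raises ValueError
    # on an entry with host bits set, which catches typos such as 10.0.0.1/24.
    a_l, a_r, b_l, b_r = (ipaddress.ip_network(s)
                          for s in (a_local, a_remote, b_local, b_remote))
    return a_l == b_r and a_r == b_l

def diagnose(log_text, rv042, fortigate):
    """rv042 and fortigate are (local_subnet, remote_subnet) pairs (assumed values)."""
    phase1, quick, notify = triage(log_text)
    if not (phase1 and quick and notify == "INVALID_ID_INFORMATION"):
        return "no phase 2 ID rejection in log"
    if selectors_mirror(*rv042, *fortigate):
        return "phase 2 rejected, subnets mirror: check other phase 2 settings"
    return "phase 2 rejected: local/remote subnets do not mirror"

if __name__ == "__main__":
    # Constructed subnets: the Fortigate side carries the wrong prefix length.
    print(diagnose(SAMPLE_LOG, ("192.168.1.0/24", "10.0.0.0/24"),
                   ("10.0.0.0/16", "192.168.1.0/24")))
```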
     
  5. alberteenyt2002

    alberteenyt2002 Addicted to LI Member

    Dear all,
    I'm still new to the VPN world. Can someone guide me to configure a VPN between an RV042 and a Fortigate 60? Please help me ...
     
