Hi all,
I have configured a VPN against a FortiGate device. All configuration is the same on both sides, but I'm getting this error on the Sierra device (I am copying the whole log because I don't know how many lines are necessary).
8 Hash
Decoding t 1 SA
Attr 1 - Encyption 1
Attr 2 - Hash len 4
Attr 4 - Grp Desc 61443
Attr 6 - Grp Prime 256
Attr 5 - Grp Type 2
Attr 3 - Auth 2
Decoding t 10 Nonce
Decoding t 4 Key Exchange
Decoding t 5 ID
- type 4 addr 10.0.0.0, mask 255.0.0.0
Decoding t 5 ID - type 4 addr XX.XX.XX.XX, mask 255.255.255.248
IP_B_ID select src ip 10.0.0.0, dest ip XX.XX.XX.XX
Get IPsec Policy for Src 10.0.0.0 Dest XX.XX.XX.XX 1 2 -found
Add_SA2
<-- Sending phase 2 IKE message
Encoding t 8 Hash
Encoding t 1 SA
Attr 1 - Encyption 1
Attr 2 - Hash len 4
Attr 4 - Grp Desc 61443
Attr 6 - Grp Prime 256
Attr 5 - Grp Type 2
Attr 3 - Auth 2
Encoding t 10 Nonce
Encoding t 4 Key Exchange
Encoding t 5 Identification - type 4 addr 10.0.0.0, Mask 255.0.0.0
Encoding t 5 Identification - type 4 addr XX.XX.XX.XX, Mask 255.255.255.248
Received from IPSec Gateway XX.XX.XX.XX
Received from IPSec Gateway XX.XX.XX.XX
--> Received NATT message
Get IKE Policy for Type 1, IP XX.XX.XX.XX xx 1 -found - policy found
Dispatching Phase 2 message
Exchange type 32 -quick
Quick mode
*** mode handlers
Quick Mode State 3
Decoding t 8 Hash
Decoding t 1 SA
Attr 6 - Grp Prime 256
Attr 4 - Grp Desc 61443
Attr 3 - Auth 2
Attr 5 - Grp Type 2
Attr 1 - Encyption 1
Attr 2 - Hash len 4
Decoding t 10 Nonce
Decoding t 4 Key Exchange
Decoding t 5 ID - type 4 addr XX.XX.XX.XX, mask 255.255.255.248
Decoding t 5 ID - type 4 addr 10.0.0.0, mask 255.0.0.0
IKE_IPS: type 17 17 src . XX.XX.XX.XX, dst . 10.0.0.0
IPSEC Add SA Pair
IPSEC Add Out SA
IPSEC Add Inbound SA
Showing out SA’s
SPI src dst – Tunnel src dst
d0d2cf1a XX.XX.XX.XX 10.0.0.0- XX.XX.XX.XX XX.XX.XX.XX
In Bound
b45ed914 XX.XX.XX.XX XX.XX.XX.XX
<-- Sending phase 2 IKE message
Encoding t 8 Hash
Quick mode exchange completed
**** Finalizing Phase 2 Handle - Tunnel established *********
--> Received NATT message
Get IKE Policy for Type 1, IP XX.XX.XX.XX xx 1 -found - policy found
Dispatching Phase 2 message
Exchange type 32 -quick
Quick mode
Received from IPSec Gateway XX.XX.XX.XX
Received from IPSec Gateway XX.XX.XX.XX
--> Received NATT message
Get IKE Policy for Type 1, IP XX.XX.XX.XX xx 1 -found - policy found
Dispatching Phase 2 message
Exchange type 32 -quick
Quick mode
*** mode handlers
Quick Mode State 4
Decoding t 8 Hash
IKE_IPS: type 17 17 src . XX.XX.XX.XX, dst . 10.0.0.0
IPSEC Add SA Pair
IPSEC Add Out SA
IPSEC Add Inbound SA
Showing out SA’s
SPI src dst – Tunnel src dst
d0d2cf19 XX.XX.XX.XX 10.0.0.0- XX.XX.XX.XX XX.XX.XX.XX
d0d2cf1a XX.XX.XX.XX 10.0.0.0- XX.XX.XX.XX XX.XX.XX.XX
In Bound
b45ed914 XX.XX.XX.XX XX.XX.XX.XX
b45ed915 XX.XX.XX.XX XX.XX.XX.XX
Quick mode exchange completed
**** Finalizing Phase 2 Handle - Tunnel established *********
--> Received NATT message
Get IKE Policy for Type 1, IP XX.XX.XX.XX xx 1 -found - policy found
Dispatching Phase 2 message
Exchange type 32 -quick
Quick mode
*** mode handlers
Quick Mode State 2
Decoding t 8 Hash
Quick Mode failed - aborting status -4908
<-- Sending phase 2 IKE message
Encoding t 8 Hash
Encoding t 11 Notify
Error notification sent
Received from IPSec Gateway XX.XX.XX.XX
Received from IPSec Gateway XX.XX.XX.XX
--> Received IKE message
Get IKE Policy for Type 1, IP XX.XX.XX.XX xx 1 -found - policy found
IKE message contains invalid payload
Error in incoming message - message ignored
This way, the VPN is never up. What is happening?
Thanks.