martino76
just joined
Topic Author
Posts: 1
Joined: Fri Apr 10, 2015 2:23 pm

IPsec S2S to Fortigate 40C

Fri Apr 10, 2015 2:29 pm

Hi All,


I have set up an IPsec tunnel from a MikroTik router to the Fortigate 40C and see that phase 1 is up and running:
ip ipsec remote-peers print
 0 local-address=10.57.68.3 port=4500 remote-address=82.20.74.85 port=4500 state=established 
   side=initiator established=10m24s
However, when I ping from my local subnet 10.1.3.0 to remote subnet 10.1.9.0, I see the following errors:
08:06:35 ipsec,debug new acquire 10.57.68.3[0]<=>82.20.x.x[0]
08:06:35 ipsec,debug suitable outbound SP found: 10.1.3.0/24[0] 10.1.9.0/24[0] proto=any dir=out
08:06:35 ipsec,debug suitable inbound SP found: 10.1.9.0/24[0] 10.1.3.0/24[0] proto=any dir=in
08:06:35 ipsec,debug,packet  (proto_id=AH spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
08:06:35 ipsec,debug,packet   (trns_id=SHA authtype=hmac-sha1)
08:06:35 ipsec,debug,packet  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
08:06:35 ipsec,debug,packet   (trns_id=3DES encklen=0 authtype=hmac-sha1)
08:06:35 ipsec,debug,packet begin QUICK mode.
08:06:35 ipsec,debug,packet ===
08:06:35 ipsec,debug,packet begin QUICK mode.
08:06:35 ipsec,debug initiate new phase 2 negotiation: 10.57.68.3[0]<=>82.20.x.x[0]
.
.
.
.
08:06:36 ipsec,debug proto_id mismathed: my:2 peer:3
08:06:36 ipsec,debug proposal mismathed.
I am wondering if there is any way to force my router to use value 3 for proto_id, and maybe you know what 3 means, btw?

Regards,
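
The numbers in the proto_id message above are IPsec DOI protocol identifiers from RFC 2407 (2 is AH, 3 is ESP). As an added example that is not part of the original thread, the following Python parses debug lines like those in the post and decodes the mismatch; the function names and the SAMPLE_LOG constant are illustrative assumptions.

```python
import re

# IPsec DOI protocol identifiers (RFC 2407, section 4.4.1).
IPSEC_DOI_PROTO = {1: "ISAKMP", 2: "AH", 3: "ESP", 4: "IPCOMP"}

# Constructed sample: debug lines copied from the post above, wrapped lines rejoined.
SAMPLE_LOG = """\
08:06:35 ipsec,debug,packet  (proto_id=AH spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
08:06:35 ipsec,debug,packet   (trns_id=SHA authtype=hmac-sha1)
08:06:35 ipsec,debug,packet  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
08:06:35 ipsec,debug,packet   (trns_id=3DES encklen=0 authtype=hmac-sha1)
08:06:36 ipsec,debug proto_id mismathed: my:2 peer:3
08:06:36 ipsec,debug proposal mismathed.
"""

# Patterns are illustrative; the log itself spells the word "mismathed".
OFFER_RE = re.compile(r"\(proto_id=(\w+) .*encmode=(\w+)")
TRNS_RE = re.compile(r"\(trns_id=(\w+)")
MISMATCH_RE = re.compile(r"proto_id mismatc?hed: my:(\d+) peer:(\d+)")

def summarize(log):
    """Return (offered, mismatch): the local phase 2 offer and the decoded mismatch."""
    offered, mismatch = [], None
    for line in log.splitlines():
        if m := OFFER_RE.search(line):
            offered.append({"proto": m.group(1), "encmode": m.group(2), "transforms": []})
        elif (m := TRNS_RE.search(line)) and offered:
            offered[-1]["transforms"].append(m.group(1))
        elif m := MISMATCH_RE.search(line):
            mine, peer = int(m.group(1)), int(m.group(2))
            mismatch = (IPSEC_DOI_PROTO.get(mine, f"unknown({mine})"),
                        IPSEC_DOI_PROTO.get(peer, f"unknown({peer})"))
    return offered, mismatch

def diagnose(log):
    """One-line summary of what was offered locally and where the comparison failed."""
    offered, mismatch = summarize(log)
    if mismatch is None:
        return "no proto_id mismatch in log"
    mine, peer = mismatch
    protos = "+".join(p["proto"] for p in offered)
    return f"local offer {protos}; comparison failed on local {mine} vs peer {peer}"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the log from the post it reports a local offer of AH plus ESP and a mismatch of local AH against peer ESP, which is the detail to check against the phase 2 settings on both ends.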
 
mainTAP
Frequent Visitor
Posts: 52
Joined: Tue Oct 02, 2012 4:01 am

Sat Apr 11, 2015 4:27 pm

What is your phase2 proposal on both ends?
