Hall of Fame

1. JFrederic...297,897
2. dpk_wal190,976
3. lrmoore161,519
4. ccomley129,179
5. 3nerds126,450
6. ikalmar126,061
7. MikeKane124,898
8. kenboonejr82,375
9. rsivanandan61,654
10. sangamc58,732
11. bignewf57,701
12. Qlemo55,902
13. deimark52,350
14. stsonline50,575
15. rochey2...48,750
16. asavener48,145
17. uetian170742,279
18. RobWill40,834
19. jodylemoine39,020
20. that1guy1538,762
21. nodisco37,800
22. harbor23535,405
23. PeteLong35,050
24. arnold33,871
25. equalizer33,150

1. lrmoore1,423,270
2. JFrederic...507,441
3. batry_boy488,895
4. RobWill455,233
5. dpk_wal445,633
6. rsivanandan326,996
7. harbor235212,034
8. ccomley171,466
9. MikeKane152,388
10. PeteLong134,731
11. 3nerds126,450
12. ikalmar126,061
13. nodisco124,822
14. grblades123,979
15. Cyclops3...116,570
16. giltjr110,457
17. MrHusy98,341
18. pseudocy...90,643
19. Voltz-dk87,658
20. arnold85,917
21. RPPreacher85,616
22. kenboonejr82,375
23. Qlemo77,869
24. calvinetter76,413
25. donjohnston74,205

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

9.0

Problem with IPSec VPN tunnel to remote site

Asked by techneitsolutions in Networking Hardware Firewalls, IPSec Security Protocol, Network Routers

Tags: Fortigate, 60B

Hi experts,

We need to setup an IPSec VPN tunnel to a remote site. Other remote site hardware is unkown, but we do know the IPSec settings. Phase 1 and Phase 2 have been configured and firewall policies are defined.

In our Fortigate logs we get this during a setup of the tunnel:

error       dpd                   IPsec connection failure on the tunnel to <remote ip>:500       dpd_failure
notice      negotiate             Initiator: tunnel <remote ip>, transform=ESP_AES, HMAC_SHA1       success
notice       negotiate             Initiator: sent <remote ip> quick mode message #2 (DONE)       success
notice       install_sa             Initiator: tunnel <local ip>/<remote ip> install ipsec sa
notice       negotiate             Initiator: sent <remote ip> quick mode message #1 (OK)             success
notice       negotiate             Initiator: parsed <remote ip> main mode message #3 (DONE)       success
notice       negotiate             Initiator: sent <remote ip> main mode message #3 (OK)             success
notice       negotiate             Initiator: sent <remote ip> main mode message #2 (OK)             success
notice       negotiate             Initiator: sent <remote ip> main mode message #1 (OK)             success
notice       delete_phase1_sa       Deleted an Isakmp SA on the tunnel to <remote ip>:500

The dpd_failure message has id 23011. According to fortigate this means:
1.11. Message ID: 23011
Message:       loc_ip=<local_ipaddress> loc_port=<local_port> rem_ip=<> rem_port=<> out_if=<> vpn_tunnel=<ip_address> cookies=<> action=dpd status=dpd_failure msg="IPSec connection failure"
Meaning:       IPSec connection failure.

(see url http://kc.forticare.com/print.asp?id=3271&Lang=1&SID=)

The problem is here we need a deeper analysis of what exactly is going wrong.
dpd_failure = dead peer detected failure, but since it's replying on the first phases, the Fortigate can reach the other site.

Anyone a suggestion?

thanks,
Pieter

Get your answer NOW

	Title
1	IPSec VPN
2	2 Cisco 1841 IPSEC VPN tunnel not…
3	IPSEC vpn tunnel setup
4	IPSEC VPN ACL
5	IPSEC rules for remote acces (vpn cli…
6	Can a Cisco IOS Tunnel interface with I…

Problem with IPSec VPN tunnel to remote site

Asked by techneitsolutions in Networking Hardware Firewalls, IPSec Security Protocol, Network Routers

Tags: Fortigate, 60B

About this solution