Mar 26 19:03:14 [IKEv1]: Group = xxx.xxx.xxx.xxx, IP = xxx.xxx.xxx.xxx, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key. Aborting
Mar 26 19:03:16 [IKEv1]: Group = xxx.xxx.xxx.xxx, IP = xxx.xxx.xxx.xxx, Removing peer from peer table failed, no match!
Mar 26 19:03:16 [IKEv1]: Group = xxx.xxx.xxx.xxx, IP = xxx.xxx.xxx.xxx, Error: Unable to remove PeerTblEntry
Mar 26 19:03:19 [IKEv1]: Group = xxx.xxx.xxx.xxx, IP = xxx.xxx.xxx.xxx, Received encrypted Oakley Main Mode packet with invalid payloads, MessID = 0
I see a couple of things that you might want to take a look at.
- Looking at the debug output, it says that the pre-shared key configured on the Fortigate and ASA might be different. They need to be the same; you might want to check the keys again.
- The access-list for no-nat traffic should be permitting traffic from your side destined to the remote end. Only this specific traffic will not be NATed. Your current no-nat ACL is saying the other way around.
- Your DH group values for phase 2 on the Fortigate and ASA are different. From what I understand, they need to be the same.
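An added example, not part of the original reply or any vendor tool: a small Python parser that groups the IKEv1 messages quoted at the top by peer and flags the decrypt error that the ASA itself attributes to a pre-shared key mismatch. The peer address 203.0.113.10 is a constructed stand-in for the redacted one, and the function and tag names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: the four messages quoted above, with a documentation
# address (203.0.113.10) standing in for the redacted peer.
SAMPLE = """\
Mar 26 19:03:14 [IKEv1]: Group = 203.0.113.10, IP = 203.0.113.10, ERROR, had problems decrypting packet, probably due to mismatched pre-shared key. Aborting
Mar 26 19:03:16 [IKEv1]: Group = 203.0.113.10, IP = 203.0.113.10, Removing peer from peer table failed, no match!
Mar 26 19:03:16 [IKEv1]: Group = 203.0.113.10, IP = 203.0.113.10, Error: Unable to remove PeerTblEntry
Mar 26 19:03:19 [IKEv1]: Group = 203.0.113.10, IP = 203.0.113.10, Received encrypted Oakley Main Mode packet with invalid payloads, MessID = 0
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\[IKEv1\]:\s+"
    r"Group = (?P<group>[^,]+), IP = (?P<ip>[^,]+), (?P<msg>.*)$"
)

# Message substrings taken from the log above, mapped to a short tag.
SIGNATURES = {
    "had problems decrypting packet": "decrypt_failure",
    "Main Mode packet with invalid payloads": "invalid_payloads",
    "Removing peer from peer table failed": "peer_cleanup_failed",
    "Unable to remove PeerTblEntry": "peer_cleanup_failed",
}

def parse(text):
    """Yield (timestamp, peer_ip, tag) for each recognised IKEv1 line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an IKEv1 line in the expected layout
        tag = next((t for s, t in SIGNATURES.items() if s in m["msg"]), "other")
        yield m["ts"], m["ip"], tag

def summarize(text):
    """Per peer: tag counts and whether the pre-shared key should be checked first."""
    peers = defaultdict(Counter)
    for _, ip, tag in parse(text):
        peers[ip][tag] += 1
    return {
        ip: {"counts": dict(tags),
             # The ASA's own message names the pre-shared key as the probable cause.
             "check_psk_first": tags.get("decrypt_failure", 0) > 0}
        for ip, tags in peers.items()
    }

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

The flag only reflects what the log line states; the no-nat ACL direction and the phase 2 DH group still have to be compared in the configurations on both sides.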