Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN between PIX & FortiGate

I am facing probelm while establishing VPN between PIX & FortiGate.

The VPN gets established & works for soemtime -- a couple of days & then teh connection suddenly drops.

The VPN tunnel comes up only when the VPN tunnel is reset from the FortiGate end.

Coudl any one put some light on this.

Thanks

Mahavir

3 REPLIES
Community Member

Re: VPN between PIX & FortiGate

I would like to see the output of the command [diag debug app ike 2] from the console of the Fortinet box at the time the tunnel goes down.

Community Member

Re: VPN between PIX & FortiGate

Below the debug frim the FortiGate

Comes :500->

:500,ifindex=8, vf_id=0....

Exchange Mode = 2, I_COOKIE = 0x596D677AF9737E85, Len = 68

checking Mastek 8 ->

:500

Mastek: phase1 found

Received Payloads= ID HASH

Initiator: main mode get 3rd response...

Mastek: set phase1(0x845b970) timeout=28800

Initiator: parsed main mode message #3 (DONE)

Then there is a packet, which apparently changes the phase1- lifetime to 900:

Comes :500->

:500,ifindex=8, vf_id=0....

Exchange Mode = 5, Message id = 0x24D43533, Len = 92

checking Mastek 8 ->

:500

Mastek: phase1 found

####### ISAKMP INFO ##########

Received Payloads= HASH Notif

######### Receive Information Payload(Protected)#########

protocol_id=1, notify_msg=24576 (24576??), ispi_size=16

spi=596d677af9737e85739a05686c065ee9

Msg=80

phase1 life time is changed to 900".

Mastek: set phase1(0x845b970) timeout=900

Is this usual IPsec behaviour ?

Community Member

Re: VPN between PIX & FortiGate

Hello, curious if you got any more information on this? I am facing the same exact problem.

416
Views
0
Helpful
3
Replies
CreatePlease to create content