Cisco 3000 - IPSec tunnel issue

Discussion in 'Cisco' started by BikashPanda, Oct 19, 2007.

  1. BikashPanda

    BikashPanda

    Joined:
    Oct 19, 2007
    Messages:
    1
    Hello All,
    I have a Fortigate 100A set up for IPSec based VPN tunnel with a Cisco 3000 concentrator. The tunel comes up just fine and stays fine when the Cisco initiates but when the Fortigate initiates it errors our in phase 2.

    Appreciate any help in resolving this.

    Here is the log from the Cisco concentrator. (Fortigate's public IP is masked to 111.222.333.444 for security)

    ---------------------------------------------------------
    58423 10/18/2007 15:21:26.860 SEV=3 IKE/134 RPT=54 111.222.333.444

    Group [111.222.333.444]

    Mismatch: Configured LAN-to-LAN proposal differs from negotiated proposal.

    Verify local and remote LAN-to-LAN connection lists.



    58426 10/18/2007 15:21:26.860 SEV=4 IKE/119 RPT=434 111.222.333.444

    Group [111.222.333.444]

    PHASE 1 COMPLETED



    58427 10/18/2007 15:21:26.860 SEV=4 AUTH/22 RPT=130 111.222.333.444

    User [111.222.333.444] Group [111.222.333.444] connected, Session Type: IPSec/LAN-to

    -LAN



    58430 10/18/2007 15:21:27.490 SEV=5 IKE/35 RPT=2939 111.222.333.444

    Group [111.222.333.444]

    Received remote IP Proxy Subnet data in ID Payload:

    Address 192.168.2.0, Mask 255.255.255.0, Protocol 0, Port 0



    58433 10/18/2007 15:21:27.490 SEV=4 IKE/1 RPT=23 111.222.333.4444

    Group [111.222.333.444]

    ID Length Error



    58434 10/18/2007 15:21:27.490 SEV=4 IKE/48 RPT=55 111.222.333.444

    Group [111.222.333.444]

    Error processing payload: Payload ID: 5



    58435 10/18/2007 15:21:27.490 SEV=4 IKEDBG/97 RPT=305 111.222.333.444

    Group [111.222.333.444]

    QM FSM error (P2 struct &0x1c6a0fdc, mess id 0xa652fd7c)!

    ---------------------------------------------------------

    Thanks,

    Bikash
    BikashPanda, Oct 19, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Ireland
    Replies:
    1
    Views:
    1,034
    Claude LeFort
    Nov 11, 2003
  2. a.nonny mouse
    Replies:
    2
    Views:
    1,066
  3. mattsnow
    Replies:
    5
    Views:
    5,915
    mattsnow
    Apr 5, 2007
  4. John Strow
    Replies:
    1
    Views:
    479
  5. Locian
    Replies:
    0
    Views:
    724
    Locian
    Dec 5, 2008
Loading...

Share This Page