SA540 - IPSEC

kri.chi.85
Level 1

Dear Team,

I have an SA540 firewall with me, and I am trying to enable a site-to-site VPN between a Fortigate 50B and the SA540. I am facing issues with the setup. Please say if any license is required for bringing up the site-to-site IPSEC tunnel.

Please find below the error logs and the screenshot generated while bringing up the tunnel on the SA540:

Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:  accept a request to establish IKE-SA: (Fortigate IP)
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:  Configuration found for (Fortigate IP).
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:  Configuration found for (Fortigate IP).
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:  Initiating new phase 1 negotiation: (SA540 IP)[500]<=>(Fortigate IP)[500]
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:  Beginning Identity Protection mode.
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:   [isakmp_ident.c:185]: XXX: NUMNATTVENDORIDS: 3
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:   [isakmp_ident.c:189]: XXX: setting vendorid: 4
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:   [isakmp_ident.c:189]: XXX: setting vendorid: 8
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:   [isakmp_ident.c:189]: XXX: setting vendorid: 9
Sat Dec 22 18:22:57 2012 (GMT +0530): [Cisco] [IKE] ERROR:  Invalid SA protocol type: 0
Sat Dec 22 18:22:57 2012 (GMT +0530): [Cisco] [IKE] ERROR:  Phase 2 negotiation failed due to time up waiting for phase1.
Sat Dec 22 18:23:14 2012 (GMT +0530): [Cisco] [IKE] INFO:  Using IPsec SA configuration: 192.168.1.0/24<->192.168.15.0/24
Sat Dec 22 18:23:14 2012 (GMT +0530): [Cisco] [IKE] INFO:  Configuration found for (Fortigate IP).
Sat Dec 22 18:23:14 2012 (GMT +0530): [Cisco] [IKE] INFO:  Configuration found for (Fortigate IP).
Sat Dec 22 18:23:45 2012 (GMT +0530): [Cisco] [IKE] ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP (Fortigate IP)->(SA540 IP)
Sat Dec 22 18:24:16 2012 (GMT +0530): [Cisco] [IKE] ERROR:  Phase 1 negotiation failed due to time up for (Fortigate IP)[500]. 367261e23cbb24a2:0000000000000000
Sat Dec 22 18:24:27 2012 (GMT +0530): [Cisco] [IKE] INFO:  Using IPsec SA configuration: 192.168.1.0/24<->192.168.15.0/24
Sat Dec 22 18:24:27 2012 (GMT +0530): [Cisco] [IKE] INFO:  Configuration found for (Fortigate IP).
Sat Dec 22 18:24:27 2012 (GMT +0530): [Cisco] [IKE] INFO:  Configuration found for (Fortigate IP).
Sat Dec 22 18:24:27 2012 (GMT +0530): [Cisco] [IKE] INFO:  Initiating new phase 1 negotiation: (SA540 IP)[500]<=>(Fortigate IP)[500]
Sat Dec 22 18:24:27 2012 (GMT +0530): [Cisco] [IKE] INFO:  Beginning Identity Protection mode.
Sat Dec 22 18:24:27 2012 (GMT +0530): [Cisco] [IKE] INFO:   [isakmp_ident.c:185]: XXX: NUMNATTVENDORIDS: 3
Sat Dec 22 18:24:27 2012 (GMT +0530): [Cisco] [IKE] INFO:   [isakmp_ident.c:189]: XXX: setting vendorid: 4
Sat Dec 22 18:24:27 2012 (GMT +0530): [Cisco] [IKE] INFO:   [isakmp_ident.c:189]: XXX: setting vendorid: 8
Sat Dec 22 18:24:27 2012 (GMT +0530): [Cisco] [IKE] INFO:   [isakmp_ident.c:189]: XXX: setting vendorid: 9
Sat Dec 22 18:24:58 2012 (GMT +0530): [Cisco] [IKE] ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP (Fortigate IP)->(SA540 IP)
Sat Dec 22 18:25:27 2012 (GMT +0530): [Cisco] [IKE] INFO:  Using IPsec SA configuration: 192.168.1.0/24<->192.168.15.0/24
Sat Dec 22 18:25:27 2012 (GMT +0530): [Cisco] [IKE] INFO:  Configuration found for (Fortigate IP).
Sat Dec 22 18:25:27 2012 (GMT +0530): [Cisco] [IKE] INFO:  Configuration found for (Fortigate IP).

Thank you guys,

Chaitanya.G


Jouni Forss
VIP Alumni

Hi,

I have never used the Small Business devices to be honest (not to mention Fortigate). I think they actually have their own section on these forums.

If you don't get any answers here you could consider posting there too (link below)

https://supportforums.cisco.com/community/netpro/small-business

If I would have to guess on the basis of the log output it would seem that either the other end doesn't have any configuration related to this L2L VPN or the L2L VPN configurations exist but there is no matching Phase1 policy configured.

Is there any way to get some specific information about Phase1 negotiations on the SA540 device?

Is the remote device controlled by some other person or do you have management access to it too?

- Jouni
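The reply's reading of the log (repeated "Initiating new phase 1 negotiation" followed only by time-up errors, so the peer never completes Phase 1) can be checked mechanically. The script below is an added example, not part of this thread or of any Cisco tool: it parses SA540 IKE log lines in the format quoted above, counts the negotiation stages and reports which failure class the log points to. The message prefixes and the sample lines are copied from the question; the stage names and the result labels are this example's own.

```python
import re
from collections import Counter

# SA540 IKE log format as quoted: "<date> (GMT +0530): [Cisco] [IKE] LEVEL:  msg"
LINE_RE = re.compile(
    r"^(?P<ts>.+?) \(GMT [+-]\d{4}\): \[Cisco\] \[IKE\] "
    r"(?P<level>INFO|ERROR):\s+(?P<msg>.*)$"
)

# Message prefixes (taken from the post) that mark each negotiation stage.
STAGES = (
    ("phase1_initiated", "Initiating new phase 1 negotiation"),
    ("phase1_timeout", "Phase 1 negotiation failed due to time up"),
    ("phase2_waiting_phase1", "Phase 2 negotiation failed due to time up waiting for phase1"),
)

# Constructed sample: a trimmed copy of the sequence quoted in the question.
SAMPLE_LOG = """\
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:  Initiating new phase 1 negotiation: (SA540 IP)[500]<=>(Fortigate IP)[500]
Sat Dec 22 18:22:26 2012 (GMT +0530): [Cisco] [IKE] INFO:  Beginning Identity Protection mode.
Sat Dec 22 18:22:57 2012 (GMT +0530): [Cisco] [IKE] ERROR:  Invalid SA protocol type: 0
Sat Dec 22 18:22:57 2012 (GMT +0530): [Cisco] [IKE] ERROR:  Phase 2 negotiation failed due to time up waiting for phase1.
Sat Dec 22 18:24:16 2012 (GMT +0530): [Cisco] [IKE] ERROR:  Phase 1 negotiation failed due to time up for (Fortigate IP)[500]. 367261e23cbb24a2:0000000000000000
"""

def parse_ike_log(text):
    """Return (level, message) for every line in the SA540 IKE format."""
    hits = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group("level"), m.group("msg").strip()) for m in hits if m]

def summarize_ike_log(text):
    """Count negotiation stages; unclassified ERROR lines go to other_error."""
    counts = Counter()
    for level, msg in parse_ike_log(text):
        key = next((k for k, p in STAGES if msg.startswith(p)), None)
        if key is None and level == "ERROR":
            key = "other_error"
        if key:
            counts[key] += 1
    return dict(counts)

def diagnose(counts):
    """Name the failure class a responder should look at first."""
    if counts.get("phase1_timeout") or counts.get("phase2_waiting_phase1"):
        # We keep initiating and never get past Identity Protection mode: the
        # peer is not answering with an acceptable Phase 1 (no IKE config for
        # us, no matching proposal/PSK, or UDP/500 not reaching it).
        return "phase1-unanswered"
    return "other-ike-error" if counts.get("other_error") else "no-failure-seen"
```

Run against the full log from the question, `summarize_ike_log` shows two initiations, one Phase 1 time-up and three Phase 2 waits with no line indicating a completed Phase 1, which is what points the check at the remote side's IKE policy and reachability rather than at licensing.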
