
Site to Site IKEv2 VPN between ASA and Fortinet

kashifglobal12
Level 1

Dear Concern,

 

As per the subject, I am facing a problem creating a site-to-site VPN between ASA and FortiGate. IKEv2 phase 1 is successfully up but phase 2 is not... here is the config

 

crypto ipsec ikev2 ipsec-proposal xxx-PROP
protocol esp encryption aes-256
protocol esp integrity sha-256

 

crypto map x-MAP 10 match address S2S-VPN
crypto map x-MAP 10 set pfs group20
crypto map x-MAP 10 set peer x.x.x.x
crypto map x-MAP 10 set ikev2 ipsec-proposal xxxx
crypto map x-MAP 10 set ikev2 pre-shared-key xxxxx
crypto map x-MAP 10 set security-association lifetime seconds 28800

 

Thanks in advance....

3 Replies

balaji.bandi
Hall of Fame

Look at the below guide :

 

https://cookbook.fortinet.com/ipsec-fortigate-cisco/index.html

 

Can you post the logs from both sides, by enabling debug? Need to see what is causing the failure of Phase 2.

BB


Dear
Fortinet is on the other side. I have access on Cisco but there are no logs
after putting "debug crypto ipsec"


Could you get the following debug:

 

logging buffer-size 234345

logging console debug

!

capture VPN-TEST type isakmp interface outside match ip host YOUR-IP host REMOTE-PEER

!

debug crypto condition peer XXX

debug crypto ikev2 platform 127

debug crypto ikev2 proto 127

debug crypto ipsec 127

please do not forget to rate.