02-25-2020 02:04 AM
Dear Concern,
As per the subject, I am facing a problem creating a site-to-site VPN between an ASA and a FortiGate. IKEv2 phase 1 is successfully up but phase 2 is not... Here is the config:
crypto ipsec ikev2 ipsec-proposal xxx-PROP
protocol esp encryption aes-256
protocol esp integrity sha-256
crypto map x-MAP 10 match address S2S-VPN
crypto map x-MAP 10 set pfs group20
crypto map x-MAP 10 set peer x.x.x.x
crypto map x-MAP 10 set ikev2 ipsec-proposal xxxx
crypto map x-MAP 10 set ikev2 pre-shared-key xxxxx
crypto map x-MAP 10 set security-association lifetime seconds 28800
Thanks in advance....
02-25-2020 02:25 AM
Look at the guide below:
https://cookbook.fortinet.com/ipsec-fortigate-cisco/index.html
Can you post the logs from both sides, by enabling debug? We need to see what is causing Phase 2 to fail.
02-25-2020 03:14 AM
02-25-2020 01:18 PM
Could you get the following debug:
logging buffer-size 234345
logging console debug
!
capture VPN-TEST type isakmp interface outside match ip host YOUR-IP host REMOTE-PEER
!
debug crypto condition peer XXX
debug crypto ikev2 platform 127
debug crypto ikev2 proto 127
debug crypto ipsec 127