ASA-Forti VPN site-to-site

ibrahim_hassan · ‎03-03-2013

Dears,

we have configured VPN site-to-site between ASA 8.2 and fortigate , suddenly we found VPN is not working with the below log message:

%ASA-5-713257: Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 2 Cfg'd: Group 5

when we restart ASA the issue resolved , is there any known bug related to ASA about this issue.

Thanks

jawad-mukhtar · ‎03-03-2013

It is not a failure. It just a log message meanning that isakmp policy list sent by the client does not use group 5. The peer sends all the configured proposals and the first one does not match but the second one does.

*** Do Rate Helpful Posts***

Jawad

ibrahim_hassan · ‎03-04-2013

Thanks but really the VPN tunnel didn't up till i put the matched one as the first priority.

shraddha.pajwani · ‎09-09-2016

Hi, Jawad

I have same error showing on firewall 5505, however I can ping to remote end peer from server. I see site to site vpn session as well. How can I get this error resolved.

Phase 1 (Main mode)

Lifetime: 86400s (1 day)
Encryption: AES256
Hash: SHA1
Key-Ex: Group5

PSK to be determined later.

Phase 2
Lifetime: 3600s (1 hour)
Encryption: AES256
Hash: SHA1
PFS: Group5


Phase 1 failure: Mismatched attribute types for class Group Description: Rcv'd: Group 5 Cfg'd: Group 2Group
 194.138.39.1, IP = 194.138.39.1, Received non-routine Notify message: No proposal chosen (14)


I can ping to 194.138.39.24


Thank you
Shraddha