[Site-to-Site] Phase-2 is not proceeded

BAEK_1027 · ‎07-18-2021

Hi, I tried to set Site to Site with FortiGate VPN.

However, I wonder why it is not proceeded Phase-2 as follows.

Can you check it please?

crypto map outside_map 21 match address outside_cryptomap_21
crypto map outside_map 21 set pfs
crypto map outside_map 21 set peer 13.125.160.32
crypto map outside_map 21 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 21 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 22 match address outside_cryptomap_16
crypto map outside_map 22 set pfs
crypto map outside_map 22 set peer 219.250.188.2
crypto map outside_map 22 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 22 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 23 match address outside_cryptomap_22
crypto map outside_map 23 set peer 194.245.91.15
crypto map outside_map 23 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 24 match address outside_cryptomap_19
crypto map outside_map 24 set pfs group5
crypto map outside_map 24 set peer 27.1.253.142
crypto map outside_map 24 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside

vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_27.1.253.142 internal
group-policy GroupPolicy_27.1.253.142 attributes

ikev1 pre-shared-key *****
tunnel-group 27.1.253.142 type ipsec-l2l
tunnel-group 27.1.253.142 general-attributes
default-group-policy GroupPolicy_27.1.253.142
tunnel-group 27.1.253.142 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!

marce1000 · ‎07-19-2021

- Checkout this example setup and or compare with your settings :

https://www.youtube.com/watch?v=sqwHyKVMhFU

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !