VPN between PIX & FortiGate

mahavirsj · ‎10-09-2006

I am facing probelm while establishing VPN between PIX & FortiGate.

The VPN gets established & works for soemtime -- a couple of days & then teh connection suddenly drops.

The VPN tunnel comes up only when the VPN tunnel is reset from the FortiGate end.

Coudl any one put some light on this.

Thanks

Mahavir

jburk · ‎10-10-2006

I would like to see the output of the command [diag debug app ike 2] from the console of the Fortinet box at the time the tunnel goes down.

mahavirsj · ‎10-10-2006

Below the debug frim the FortiGate

Comes :500->

:500,ifindex=8, vf_id=0....

Exchange Mode = 2, I_COOKIE = 0x596D677AF9737E85, Len = 68

checking Mastek 8 ->

:500

Mastek: phase1 found

Received Payloads= ID HASH

Initiator: main mode get 3rd response...

Mastek: set phase1(0x845b970) timeout=28800

Initiator: parsed main mode message #3 (DONE)

Then there is a packet, which apparently changes the phase1- lifetime to 900:

Comes :500->

:500,ifindex=8, vf_id=0....

Exchange Mode = 5, Message id = 0x24D43533, Len = 92

checking Mastek 8 ->

:500

Mastek: phase1 found

####### ISAKMP INFO ##########

Received Payloads= HASH Notif

######### Receive Information Payload(Protected)#########

protocol_id=1, notify_msg=24576 (24576??), ispi_size=16

spi=596d677af9737e85739a05686c065ee9

Msg=80

phase1 life time is changed to 900".

Mastek: set phase1(0x845b970) timeout=900

Is this usual IPsec behaviour ?

5tscire · ‎04-02-2008

Hello, curious if you got any more information on this? I am facing the same exact problem.