Fortigate/Forinet SSL VPN not Enabling Turning On

May 10, 2016
Random
0 Comments
paris

A VPN for a new site had been working fine , however disconnected and would not stay Active

Enabling Debug

Source code    
diagnose debug application ike -1
diagnose debug enable


Disable Debug

Source code    
diagnose debug reset
diagnose debug disable

Produced the below sort of errors : 

Source code    
ike 0:VPN TTN:16877: ignoring unencrypted PAYLOAD-MALFORMED message from 41.224.14.131:500.
 ike 0:VPN TTN:VPN TTN P2: IPsec SA connect 50 41.224.244.77->41.224.14.131:0
 ike 0:VPN TTN:VPN TTN P2: using existing connection
 ike 0:VPN TTN:VPN TTN P2: config found
 ike 0:VPN TTN:VPN TTN P2: IPsec SA connect 50 41.224.244.77->41.224.14.131:500 negotiating
 ike 0:VPN TTN:16877:VPN TTN P2:17015: ISAKMP SA still negotiating, queuing quick-mode request
 ike 0:VPN TTN:16877: out 474981673AAFACE9D0216ED361A1081D05100201000000000000006C338C4B9F667E7DC90860B2541F716F185CF7E6B42813D02B34C11EFD6B7530644B6D91E5685CA6D1609DFDE30FEE4108D130782677BC3B12A27E544C7E11D2EA89BB51401C1919352C6A93D5CBEB590B
 ike 0:VPN TTN:16877: sent IKE msg (P1_RETRANSMIT): 41.224.244.77:500->41.224.14.131:500, len=108, id=474981673aaface9/d0216ed361a1081d
 ike 0: comes 41.224.14.131:500->41.224.244.77:500,ifindex=50....
 ike 0: IKEv1 exchange=Identity Protection id=474981673aaface9/d0216ed361a1081d len=256
 ike 0: in 474981673AAFACE9D0216ED361A1081D0410020000000000000001000A00008408413E837E46626B7A07879E99EC6B73BF71A99C00F3AF2A0B68B526FD2D3EBDC7AF274255283369206E877CA0EBB0A62257AF229F0600D85C90BF266C8852B2336E9CAFE8F0E7EF63E57CD1E28647A049BF6D1DFCD45C6C23B3F92A95B1EC29A0F9992FC4D78EB018DC54C903339121BCD535F9C9246BD2E62A787466485D980D000018C30B61834BB43EBC5839BC3F53695599BF7DCA4C0D00001412F5F28C457168A9702D9FE274CC01000D00000C09002689DFD6B7120D00001425E6C9CE61A0081DB8BA401A26766C19000000141F07F70EAA6514D3B0FA96542A500100
 ike 0:VPN TTN:16877: retransmission, re-send last message
EBDC7AF274255283369206E877CA0EBB0A62257AF229F0600D85C90BF266C8852B2336E9CAFE8F0E7EF63E57CD1E28647A049BF6D1DFCD45C6C23B3F92A95B1EC29A0F9992FC4D78EB018DC54C903339121BCD535F9C9246BD2E62A787466485D980D000018C30B61834BB43EBC5839BC3F53695599BF7DCA4C0D00001412F5F28C457168A9702D9FE274CC01000D00000C09002689DFD6B7120D00001425E6C9CE61A0081DB8BA401A26766C19000000141F07F70EAA6514D3B0FA96542A500100
 ike 0:VPN TTN:16877: retransmission, re-send last message


Turns out the remote site did not have a static IP Address from it's ISP , we need to get this set from the ISP and change the IP's each time

(1 votes, average: 10.00 out of 5)