PF-60D IPSEC tunnel SA error
-
Hello Everyone,
I am trying to build an IPSEC tunnel between my pfSense fw and a FortiGate 60D fw, but it is not working and I am having a hard time understanding the reason behind that.
The logs in PF are showing an invalid SA (always checkout in this phase), and I checked everything related to the SA and couldn't find any mismatch.
I tried to build another tunnel with a Juniper SSG20 with the same result, except the SSG20 logs didn't show any logs from the tunnel; it is like it is a ghost :o
Attached are the ph1, ph2, and logs config for the pf side. Also attached are the logs of the 60D, and below are the configs.
```
edit "VPN-xxxx"
    set type ddns
    set interface "wan1"
    set proposal 3des-sha1
    set comments "for test purpose"
    set dhgrp 2
    set remotegw-ddns "xxxx"
    set psksecret ENC xxxx
next
end
edit "VPN-xxxxx"
    set phase1name "VPN-xxxxx"
    set proposal 3des-sha1
    set pfs disable
    set keylifeseconds 3600
    set src-subnet 172.16.208.0 255.255.255.0
    set dst-subnet 172.16.206.0 255.255.255.0
next
end
```
![phase1.jpg](/public/_imported_attachments_/1/phase1.jpg) ![phase2.jpg](/public/_imported_attachments_/1/phase2.jpg) ![pf logs.jpg](/public/_imported_attachments_/1/pf logs.jpg) ![60D logs.jpg](/public/_imported_attachments_/1/60D logs.jpg)
-
Can anyone at least guide me to the right location for the material regarding IPSEC troubleshooting in pfSense?
-
https://doc.pfsense.org/index.php/IPsec_Troubleshooting
Set the log options as described there and see if you can initiate from the Fortigate side. Even if it doesn't work, the logs will be much more useful in that direction.
Odds are you have a P1 or P2 mismatch.
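
A sketch of the P1/P2 comparison suggested above, as an added example that is not part of the original thread: it parses the FortiGate settings posted in the question and compares them with the other side's settings, including the check that the phase 2 subnets are mirrored. The `PEER` dictionary, its key names and its values are constructed for illustration (the poster's pfSense settings exist only in the screenshots), and `parse_fgt`, `cidr` and `find_mismatches` are hypothetical helpers.

```python
import ipaddress

# FortiGate settings as posted in the question (interface/DDNS/PSK lines omitted).
FGT_CONFIG = """
edit "VPN-xxxx"
    set proposal 3des-sha1
    set dhgrp 2
next
edit "VPN-xxxxx"
    set phase1name "VPN-xxxxx"
    set proposal 3des-sha1
    set pfs disable
    set src-subnet 172.16.208.0 255.255.255.0
    set dst-subnet 172.16.206.0 255.255.255.0
next
"""

# Constructed peer-side values (NOT the poster's); two differ on purpose.
PEER = {"p1_proposal": "3des-sha1", "p1_dhgrp": "2",
        "p2_proposal": "3des-sha1", "p2_pfs": "enable",
        "local_net": "172.16.206.0/24", "remote_net": "172.16.208.0/23"}

def parse_fgt(text):
    """Return {entry_name: {key: value}} from FortiOS edit/set blocks."""
    entries, cur = {}, None
    for line in text.splitlines():
        tok = line.split(None, 2)
        if len(tok) >= 2 and tok[0] == "edit":
            cur = entries.setdefault(tok[1].strip('"'), {})
        elif len(tok) == 3 and tok[0] == "set" and cur is not None:
            cur[tok[1]] = tok[2].strip().strip('"')
    return entries

def cidr(value):  # '172.16.208.0 255.255.255.0' -> '172.16.208.0/24'
    return str(ipaddress.ip_network("/".join(value.split())))

def find_mismatches(fgt, peer):
    """List (check, fortigate_value, peer_value) for every setting that differs."""
    p1 = next(e for e in fgt.values() if "phase1name" not in e)
    p2 = next(e for e in fgt.values() if "phase1name" in e)
    checks = [
        ("P1 proposal", p1["proposal"], peer["p1_proposal"]),
        ("P1 DH group", p1["dhgrp"], peer["p1_dhgrp"]),
        ("P2 proposal", p2["proposal"], peer["p2_proposal"]),
        ("P2 PFS", p2["pfs"], peer["p2_pfs"]),
        # Selectors are mirrored: FortiGate source is the peer's remote network.
        ("P2 src vs peer remote", cidr(p2["src-subnet"]), peer["remote_net"]),
        ("P2 dst vs peer local", cidr(p2["dst-subnet"]), peer["local_net"]),
    ]
    return [(name, a, b) for name, a, b in checks if a != b]
```

With the constructed `PEER` values, `find_mismatches(parse_fgt(FGT_CONFIG), PEER)` reports the PFS setting and the /24 versus /23 selector.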