IPsec VPN Phase 2 Selectors Mismatch in Fortigate Firewall

985

IPsec VPN Phase 2 Selectors Mismatch in Fortigate Firewall :-

Command to identifying Phase 2 selectors mismatch in fortigate Firewall-

diagnose vpn ike log-filter dst-addr4 a.b.c.d

diag vpn ike log-filter name abcd

diagnose debug application ike -1

diagnose debug enable

Phase 2 selector mismatch output:-

ike 0:NETPCS-2:9265:54778: peer proposal is: peer:0:172.40.0.0-172.40.0.255:0, me:0:192.168.37.0-192.168.37.255:0

ike 0:NETPCS-2:9265:NETPCS-2-4:54778: trying

ike 0:NETPCS-2:9265:54778: specified selectors mismatch

ike 0:NETPCS-2:9259:54768: no matching phase2 found

ike 0:NETPCS-2:9259:54768: failed to get responder proposal

 To Stop debugging-

diagnose debug reset

diagnose debug disable

IPsec VPN troubleshooting in Fortigate Firewall

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here