IPsec VPN troubleshooting in FortiGate Firewall
- The pre-shared key (PSK) is like a password and is used for granting access to the IPsec VPN.
- It is known by both parties and is used by them to identify each other.
- It should be the same at both ends.
The pre-shared key does not match (PSK mismatch error).
It is possible to identify a PSK mismatch using the following combination of CLI commands:
diag vpn ike log filter name <phase1-name>
diagnose debug application ike -1
diagnose debug enable
diagnose vpn ike restart
Now let's disable the debugging.
Enter the following CLI commands to stop the output.
diagnose debug reset
diagnose debug disable
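
As an added example (not part of the original page and not Fortinet tooling), this Python script scans a saved copy of the IKE debug output for lines hinting at a PSK mismatch and counts them per phase 1 name. The line layout and the mismatch wording it matches are assumptions, and the sample capture is constructed.

```python
import re
from collections import Counter

# Assumed layout of an IKE debug line: "ike <vdom>:<phase1-name>:<id>: <message>".
LINE_RE = re.compile(r"^ike\s+\d+:(?P<tunnel>[^:\s]+):(?P<sa>\d+):\s*(?P<msg>.*)$")

# Assumed wording of the mismatch hint; adjust to what your FortiOS build prints.
PSK_RE = re.compile(r"pre-shared (?:key|secret) mismatch", re.IGNORECASE)

# Constructed sample capture, not output taken from a real device.
SAMPLE = """\
ike 0:to_branch:101: responder: main mode get 1st message...
ike 0:to_branch:101: PSK auth failed: probable pre-shared key mismatch
ike 0:to_dc:102: established IKE SA
ike 0:to_branch:103: probable pre-shared secret mismatch
"""


def psk_mismatches(debug_text):
    """Return {phase1-name: number of lines hinting at a PSK mismatch}."""
    hits = Counter()
    for raw in debug_text.splitlines():
        m = LINE_RE.match(raw.strip())
        # Only count lines that parse as IKE debug lines and carry the hint.
        if m and PSK_RE.search(m.group("msg")):
            hits[m.group("tunnel")] += 1
    return dict(hits)


if __name__ == "__main__":
    for tunnel, count in psk_mismatches(SAMPLE).items():
        print(f"{tunnel}: {count} PSK mismatch line(s); compare the key on both peers")
```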