Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
0
Helpful
2
Replies

Unable to establish IPsec tunnel with Fortigate firewall

alantan
Level 1
Level 1

‎08-01-2017 10:22 AM - edited ‎02-21-2020 09:23 PM

Hi All,

Anyone can help look into this attach log which failure to establish the site to site tunnel with fortigate firewall appliances. Any idea standard guideline can be follow  peering tunnel with third parties firewall as mentioned ?

Labels:
Preview file
119 KB
Preview file
26 KB
0 Helpful
2 Replies 2

Aditya Ganjoo
Cisco Employee
Cisco Employee

‎08-01-2017 08:57 PM

Hi,

As per the logs we see QM FSM errors that means Phase 2 settings are not matching on both the peers.

Can you please validate the same?

Phase 2 settings include your transform set, access-list for interesting traffic and PFS setting (if enabled)

Regards,

Aditya

Please rate helpful and mark correct answers

0 Helpful

zaydiip
Level 1
Level 1

‎08-02-2017 04:23 AM

Hi Alantan,

You have to enable PFS on Cisco side

0 Helpful
Customers Also Viewed These Support Documents