<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font size="-1"></font>On 04/08/2014 01:29 AM, blamares023452 wrote:<br
style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<blockquote cite="mid:98CC6ACA-C63A-486E-9FBB-E8EF69B13447@gmx.com"
type="cite"><span style="color: rgb(34, 34, 34); font-family:
Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size:
13px; background-color: rgb(255, 255, 255); ">I get this while
connecting:</span><br style="color: rgb(34, 34, 34);
font-family: Verdana, Arial, Tahoma, Calibri, Geneva,
sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">[CODE]</span><br
style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">root@pc:~# ipsec auto
--add Work</span><br style="color: rgb(34, 34, 34); font-family:
Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size:
13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">root@pc:~# ipsec auto
--up Work</span><br style="color: rgb(34, 34, 34); font-family:
Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size:
13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">104 "Work" #4:
STATE_MAIN_I1: initiate</span><br style="color: rgb(34, 34, 34);
font-family: Verdana, Arial, Tahoma, Calibri, Geneva,
sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">003 "Work" #4: received
Vendor ID payload [RFC 3947] method set to=109 </span><br
style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">003 "Work" #4: received
Vendor ID payload [Dead Peer Detection]</span><br style="color:
rgb(34, 34, 34); font-family: Verdana, Arial, Tahoma, Calibri,
Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">003 "Work" #4: ignoring
unknown Vendor ID payload [8299031757a36082c6a621de000500b3]</span><br
style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">106 "Work" #4:
STATE_MAIN_I2: sent MI2, expecting MR2</span><br style="color:
rgb(34, 34, 34); font-family: Verdana, Arial, Tahoma, Calibri,
Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">003 "Work" #4:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are
NATed</span><br style="color: rgb(34, 34, 34); font-family:
Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size:
13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">108 "Work" #4:
STATE_MAIN_I3: sent MI3, expecting MR3</span><br style="color:
rgb(34, 34, 34); font-family: Verdana, Arial, Tahoma, Calibri,
Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">010 "Work" #4:
STATE_MAIN_I3: retransmission; will wait 20s for response</span><br
style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">010 "Work" #4:
STATE_MAIN_I3: retransmission; will wait 40s for response</span><br
style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">031 "Work" #4: max
number of retransmissions (2) reached STATE_MAIN_I3. Possible
authentication failure: no acceptable response to our first
encrypted message</span><br style="color: rgb(34, 34, 34);
font-family: Verdana, Arial, Tahoma, Calibri, Geneva,
sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">000 "Work" #4: starting
keying attempt 2 of at most 3, but releasing whack</span><br
style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<br style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">[/CODE]</span><br
style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<br style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
<span style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); ">And these are the
settings in the fortigate 111c web-UI as seen from the people
who set up the tunnel.</span><br style="color: rgb(34, 34, 34);
font-family: Verdana, Arial, Tahoma, Calibri, Geneva,
sans-serif; font-size: 13px; ">
<br style="color: rgb(34, 34, 34); font-family: Verdana, Arial,
Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; ">
at this URL:
<div><a moz-do-not-send="true"
href="http://i.imgur.com/BKSyvRg.jpg">http://i.imgur.com/BKSyvRg.jpg</a><br>
<span style="color: rgb(34, 34, 34); font-family: Verdana,
Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px;
background-color: rgb(255, 255, 255); "></span><br>
</div>
</blockquote>
<font size="-1">Although I don't have experiences on Ubuntu side,
looks like it doesn't like or understand the response from FG111C.<br>
I would suggest you try application debugging on FG111C through
CLI. It would show you what the FG is responding with. The command
lines are:<br>
<br>
diag debug reset<br>
diag vpn ike log-filter src-addr4 <PUBLIC-IP-ON-UBUNTU-END><br>
diag debug app ike -1<br>
diag debug ena<br>
<br>
By the way, if multiple "Dialup" phase1s are configured on the FG,
you have to specify "peer ID" to accept with this particular
phase1. Otherwise, FG doesn't know which phase1 to be bound. Also,
you should show Phase2 configuration screen as well, At this
moment it seems to be failing at IKE phase1 handshake though.<br>
<br>
Toshi</font>
</body>
</html>