Quantcast
Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all articles
Browse latest Browse all 6513

Unable to establish VPN connectivity from Fortigate to Azure

July 10, 2015, 3:07 am
$
0
0

Hello,
I am trying to setup  a VPN tunnel with Fortinet100D OS 5.2.x but failed to establish the connection. I have tried all possible ways to fix the issue such as changing the phase1 and phase2 parameters etc but still couldn't figure out the issue. From the fortigate side i can see that the "SA Proposal" chosen message but the connection is getting timed out. Here is the log of Azure gateway.


[0]0A9C.0A84::07/10/2015-09:33:00.970 [user] |NULL|Dispatching START control code to WfpMidlObjectHandler
[0]0A9C.0A84::07/10/2015-09:33:00.970 [user] |NULL|Event handled successfully.
[0]0BD0.0B0C::07/10/2015-09:33:01.120 [user] |NULL|Dispatching STOP control code to WfpMidlObjectHandler
[0]0BD0.0B0C::07/10/2015-09:33:01.120 [user] |NULL|Event handled successfully.
[0]0BD0.0B0C::07/10/2015-09:33:01.120 [user] |NULL|Dispatching STOP control code to FwppNameCacheHandler
[0]0BD0.0B0C::07/10/2015-09:33:01.120 [user] |NULL|Event handled successfully.
[0]0BD0.0B0C::07/10/2015-09:33:01.120 [user] |NULL|Dispatching STOP control code to FwppReplicaHandler
[0]0BD0.0B0C::07/10/2015-09:33:01.120 [user] |NULL|Event handled successfully.
[0]0BD0.0B0C::07/10/2015-09:33:01.120 [user] |NULL|Dispatching STOP control code to FwppMemHandler
[0]0BD0.0B0C::07/10/2015-09:33:01.120 [user] |NULL|Event handled successfully.
Unknown( 10): GUID=aa0b6504-c6f5-a23c-8cf9-8395f0894088 (No Format Information found).
Unknown( 10): GUID=aa0b6504-c6f5-a23c-8cf9-8395f0894088 (No Format Information found).
[0]0858.0688::07/10/2015-09:33:33.868 [user] |NULL|Dispatching START control code to FwppMemHandler
[0]0858.0688::07/10/2015-09:33:33.868 [user] |NULL|Event handled successfully.
[0]0858.0688::07/10/2015-09:33:33.868 [user] |NULL|Dispatching START control code to FwppReplicaHandler
[0]0858.0688::07/10/2015-09:33:33.868 [user] |NULL|Event handled successfully.
[0]0858.0688::07/10/2015-09:33:33.868 [user] |NULL|Dispatching START control code to FwppNameCacheHandler
[0]0858.0688::07/10/2015-09:33:33.868 [user] |NULL|Event handled successfully.
[0]0858.0688::07/10/2015-09:33:33.922 [user] |NULL|Dispatching STOP control code to WfpMidlObjectHandler
[0]0858.0688::07/10/2015-09:33:33.922 [user] |NULL|Event handled successfully.
[0]0858.0688::07/10/2015-09:33:33.922 [user] |NULL|Dispatching STOP control code to FwppNameCacheHandler
[0]0858.0688::07/10/2015-09:33:33.922 [user] |NULL|Event handled successfully.
[0]0858.0688::07/10/2015-09:33:33.922 [user] |NULL|Dispatching STOP control code to FwppReplicaHandler
[0]0858.0688::07/10/2015-09:33:33.922 [user] |NULL|Event handled successfully.
[0]0858.0688::07/10/2015-09:33:33.922 [user] |NULL|Dispatching STOP control code to FwppMemHandler
[0]0858.0688::07/10/2015-09:33:33.922 [user] |NULL|Event handled successfully.
Unknown( 10): GUID=0da5b825-5c26-ff04-0105-20170ce05933 (No Format Information found).
Unknown( 11): GUID=1dc2d67f-8381-6303-e314-6c1452eeb529 (No Format Information found).
Unknown( 10): GUID=1dc2d67f-8381-6303-e314-6c1452eeb529 (No Format Information found).
Unknown( 42): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
Unknown( 41): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
Unknown( 16): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 11): GUID=1dc2d67f-8381-6303-e314-6c1452eeb529 (No Format Information found).
Unknown( 10): GUID=1dc2d67f-8381-6303-e314-6c1452eeb529 (No Format Information found).
Unknown( 42): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
Unknown( 41): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
Unknown( 16): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 25): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
[0]030C.0834::07/10/2015-09:33:34.851 [ikeext] 0|195.195.246.153|QM localAddr : 172.22.0.0.0 Mask 255.255.0.0 Protocol 0
[0]030C.0834::07/10/2015-09:33:34.851 [ikeext] 0|195.195.246.153|QM peerAddr : 192.168.0.0.0 Mask 255.255.0.0 Protocol 0
Unknown( 20): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
Unknown( 21): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
Unknown( 22): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
Unknown( 29): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
Unknown( 12): GUID=bcfc3a26-31c8-1ef4-9744-9e9a88f8ed1e (No Format Information found).
Unknown( 29): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
Unknown( 15): GUID=bcfc3a26-31c8-1ef4-9744-9e9a88f8ed1e (No Format Information found).
Unknown( 23): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
Unknown( 24): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
Unknown( 10): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
Unknown( 16): GUID=bcfc3a26-31c8-1ef4-9744-9e9a88f8ed1e (No Format Information found).
[0]030C.0834::07/10/2015-09:33:34.852 [ikeext] 0|195.195.246.153|Construct IKEHeader
Unknown( 64): GUID=f41650cc-42b0-f81f-3e57-02226078cd90 (No Format Information found).
Unknown( 51): GUID=f41650cc-42b0-f81f-3e57-02226078cd90 (No Format Information found).
Unknown( 52): GUID=f41650cc-42b0-f81f-3e57-02226078cd90 (No Format Information found).
[0]030C.0834::07/10/2015-09:33:34.852 [user] |195.195.246.153|IkeAcquireCredentialsHandleHelper failed with Windows error -2146893042(SEC_E_NO_CREDENTIALS)
[0]030C.0834::07/10/2015-09:33:34.852 [user] |195.195.246.153|IkeAcquireCredentialsHandleHelper failed with HRESULT 0x8009030e(SEC_E_NO_CREDENTIALS)
[0]030C.0834::07/10/2015-09:33:34.852 [user] |195.195.246.153|IkeAcquireCredentialsHandle failed with HRESULT 0x8009030e(SEC_E_NO_CREDENTIALS)
[0]030C.0834::07/10/2015-09:33:34.852 [user] |195.195.246.153|IkeInitializeSspi failed with HRESULT 0x8009030e(SEC_E_NO_CREDENTIALS)
[0]030C.0834::07/10/2015-09:33:34.852 [user] |195.195.246.153|IkeCreateSspiIke failed with HRESULT 0x8009030e(SEC_E_NO_CREDENTIALS)
Unknown( 56): GUID=f41650cc-42b0-f81f-3e57-02226078cd90 (No Format Information found).
[0]030C.0834::07/10/2015-09:33:34.852 [user] |195.195.246.153|IkeGetSspiContext failed with HRESULT 0x8009030e(SEC_E_NO_CREDENTIALS)
[0]030C.0834::07/10/2015-09:33:34.852 [ikeext] 0|195.195.246.153|Construct SA
[0]030C.0834::07/10/2015-09:33:34.852 [ikeext] 0|195.195.246.153|Co-existence VendorId keymod flags 1
[0]030C.0834::07/10/2015-09:33:34.852 [ikeext] 0|195.195.246.153|Construct VENDOR type MSFT supported keying modules
Unknown( 41): GUID=08bde363-89a7-96f6-73de-58dd49d49245 (No Format Information found).
[0]030C.0834::07/10/2015-09:33:34.853 [ikeext] 0|195.195.246.153|IKE not sending co-existence Vendor ID
[0]030C.0834::07/10/2015-09:33:34.853 [ikeext] 0|195.195.246.153|Construct VENDOR type MS NT5 ISAKMPOAKLEY
[0]030C.0834::07/10/2015-09:33:34.853 [ikeext] 0|195.195.246.153|Construct VENDOR type RFC 3947
[0]030C.0834::07/10/2015-09:33:34.853 [ikeext] 0|195.195.246.153|Construct VENDOR type draft-ietf-ipsec-nat-t-ike-02

[0]030C.0834::07/10/2015-09:33:34.853 [ikeext] 0|195.195.246.153|Construct VENDOR type FRAGMENTATION
[0]030C.0834::07/10/2015-09:33:34.853 [ikeext] 0|195.195.246.153|Construct VENDOR type MS-Negotiation Discovery Capable
[0]030C.0834::07/10/2015-09:33:34.853 [ikeext] 0|195.195.246.153|Construct VENDOR type Vid-Initial-Contact
[0]030C.0834::07/10/2015-09:33:34.853 [ikeext] 0|195.195.246.153|Construct VENDOR type IKE CGA version 1
Unknown( 32): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 33): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
[0]030C.0834::07/10/2015-09:33:34.860 [ikeext] 0|195.195.246.153|iCookie 59f9fa219bc8b39a rCookie 0000000000000000
[0]030C.0834::07/10/2015-09:33:34.860 [ikeext] 0|195.195.246.153|Exchange type: IKE Main Mode Length 372 NextPayload SA Flags 0x0 Messid 0x00000000
[0]030C.0834::07/10/2015-09:33:34.860 [ikeext] 0|195.195.246.153|Local Address: 191.238.115.44.500 Protocol 0
[0]030C.0834::07/10/2015-09:33:34.860 [ikeext] 0|195.195.246.153|Peer Address: 195.195.246.153.500 Protocol 0
Unknown( 34): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 30): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 31): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 11): GUID=e50917fd-367d-f30c-4c8a-5765c56125ee (No Format Information found).
Unknown( 22): GUID=7857a320-42ee-6e90-d5d9-3f414e3ea2d3 (No Format Information found).
Unknown( 66): GUID=7857a320-42ee-6e90-d5d9-3f414e3ea2d3 (No Format Information found).
[0]02A4.06DC::07/10/2015-09:33:34.861 [user] |NULL|BfeSaContextFindById failed with Windows error -2144206840(FWP_E_NOT_FOUND)
[0]02A4.06DC::07/10/2015-09:33:34.861 [user] |NULL|BfeSaContextFindById failed with HRESULT 0x80320008(FWP_E_NOT_FOUND)
[0]02A4.06DC::07/10/2015-09:33:34.861 [user] |NULL|BfeSaContextUpdateAcquire failed with HRESULT 0x80320008(FWP_E_NOT_FOUND)
[0]030C.0834::07/10/2015-09:33:34.861 [user] |NULL|FwppProxyKeyModuleUpdateAcquire failed with Windows error -2144206840(FWP_E_NOT_FOUND)
Unknown( 67): GUID=7857a320-42ee-6e90-d5d9-3f414e3ea2d3 (No Format Information found).
Unknown( 28): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
Unknown( 25): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
[0]030C.0834::07/10/2015-09:33:34.861 [ikeext] 0|195.195.246.153|QM localAddr : 172.22.0.0.0 Mask 255.255.0.0 Protocol 0
[0]030C.0834::07/10/2015-09:33:34.861 [ikeext] 0|195.195.246.153|QM peerAddr : 192.168.0.0.0 Mask 255.255.0.0 Protocol 0
Unknown( 20): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
Unknown( 21): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
Unknown( 22): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
Unknown( 10): GUID=a608e25a-0413-a430-ae2f-1ad586d08d74 (No Format Information found).
[0]030C.0834::07/10/2015-09:33:34.862 [user] |195.195.246.153|IkeMatchFwpmFilter failed with Windows error 13825(ERROR_IPSEC_IKE_NO_POLICY)
[0]030C.0834::07/10/2015-09:33:34.862 [user] |195.195.246.153|IkeMatchFwpmFilter failed with HRESULT 0x80073601(ERROR_IPSEC_IKE_NO_POLICY)
[0]030C.0834::07/10/2015-09:33:34.862 [user] |195.195.246.153|IkeFindQMPolicy failed with HRESULT 0x80073601(ERROR_IPSEC_IKE_NO_POLICY)
Unknown( 66): GUID=7857a320-42ee-6e90-d5d9-3f414e3ea2d3 (No Format Information found).
Unknown( 28): GUID=5d099e3d-a18d-6372-1e9d-54246d8dea30 (No Format Information found).
[0]030C.0834::07/10/2015-09:33:34.862 [user] |NULL|IkeProcessAcquireDispatch failed with HRESULT 0x80073601(ERROR_IPSEC_IKE_NO_POLICY)
Unknown( 21): GUID=e50917fd-367d-f30c-4c8a-5765c56125ee (No Format Information found).
Unknown( 32): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 33): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
[0]030C.0A90::07/10/2015-09:33:35.858 [ikeext] 120|195.195.246.153|iCookie 59f9fa219bc8b39a rCookie 0000000000000000
[0]030C.0A90::07/10/2015-09:33:35.858 [ikeext] 120|195.195.246.153|Exchange type: IKE Main Mode Length 372 NextPayload SA Flags 0x0 Messid 0x00000000
[0]030C.0A90::07/10/2015-09:33:35.858 [ikeext] 120|195.195.246.153|Local Address: 191.238.115.44.500 Protocol 0
[0]030C.0A90::07/10/2015-09:33:35.858 [ikeext] 120|195.195.246.153|Peer Address: 195.195.246.153.500 Protocol 0
Unknown( 34): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 31): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 21): GUID=e50917fd-367d-f30c-4c8a-5765c56125ee (No Format Information found).
Unknown( 32): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 33): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
[0]030C.0A90::07/10/2015-09:33:36.860 [ikeext] 120|195.195.246.153|iCookie 59f9fa219bc8b39a rCookie 0000000000000000
[0]030C.0A90::07/10/2015-09:33:36.860 [ikeext] 120|195.195.246.153|Exchange type: IKE Main Mode Length 372 NextPayload SA Flags 0x0 Messid 0x00000000
[0]030C.0A90::07/10/2015-09:33:36.860 [ikeext] 120|195.195.246.153|Local Address: 191.238.115.44.500 Protocol 0
[0]030C.0A90::07/10/2015-09:33:36.860 [ikeext] 120|195.195.246.153|Peer Address: 195.195.246.153.500 Protocol 0
Unknown( 34): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 31): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 21): GUID=e50917fd-367d-f30c-4c8a-5765c56125ee (No Format Information found).
Unknown( 32): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 33): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
[0]030C.0A90::07/10/2015-09:33:39.868 [ikeext] 120|195.195.246.153|iCookie 59f9fa219bc8b39a rCookie 0000000000000000
[0]030C.0A90::07/10/2015-09:33:39.868 [ikeext] 120|195.195.246.153|Exchange type: IKE Main Mode Length 372 NextPayload SA Flags 0x0 Messid 0x00000000
[0]030C.0A90::07/10/2015-09:33:39.868 [ikeext] 120|195.195.246.153|Local Address: 191.238.115.44.500 Protocol 0
[0]030C.0A90::07/10/2015-09:33:39.868 [ikeext] 120|195.195.246.153|Peer Address: 195.195.246.153.500 Protocol 0
Unknown( 34): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
Unknown( 31): GUID=0a0c7439-5f06-4edc-c528-eccb8aee9037 (No Format Information found).
[0]0328.0AC0::07/10/2015-09:34:30.428 [user] |NULL|Dispatching START control code to FwppMemHandler
[0]0328.0AC0::07/10/2015-09:34:30.428 [user] |NULL|Event handled successfully.
[0]0328.0AC0::07/10/2015-09:34:30.428 [user] |NULL|Dispatching START control code to FwppReplicaHandler
[0]0328.0AC0::07/10/2015-09:34:30.428 [user] |NULL|Event handled successfully.
[0]0328.0AC0::07/10/2015-09:34:30.428 [user] |NULL|Dispatching START control code to FwppNameCacheHandler
[0]0328.0AC0::07/10/2015-09:34:30.428 [user] |NULL|Event handled successfully.
[0]0328.0AC0::07/10/2015-09:34:30.481 [user] |NULL|Dispatching STOP control code to WfpMidlObjectHandler
[0]0328.0AC0::07/10/2015-09:34:30.481 [user] |NULL|Event handled successfully.
[0]0328.0AC0::07/10/2015-09:34:30.481 [user] |NULL|Dispatching STOP control code to FwppNameCacheHandler
[0]0328.0AC0::07/10/2015-09:34:30.481 [user] |NULL|Event handled successfully.
[0]0328.0AC0::07/10/2015-09:34:30.481 [user] |NULL|Dispatching STOP control code to FwppReplicaHandler
[0]0328.0AC0::07/10/2015-09:34:30.481 [user] |NULL|Event handled successfully.
[0]0328.0AC0::07/10/2015-09:34:30.481 [user] |NULL|Dispatching STOP control code to FwppMemHandler
[0]0328.0AC0::07/10/2015-09:34:30.481 [user] |NULL|Event handled successfully.
Unknown( 18): GUID=e50917fd-367d-f30c-4c8a-5765c56125ee (No Format Information found).
Unknown( 40): GUID=7857a320-42ee-6e90-d5d9-3f414e3ea2d3 (No Format Information found).
Unknown( 48): GUID=e50917fd-367d-f30c-4c8a-5765c56125ee (No Format Information found).
Unknown( 58): GUID=7857a320-42ee-6e90-d5d9-3f414e3ea2d3 (No Format Information found).
Unknown( 17): GUID=bcfc3a26-31c8-1ef4-9744-9e9a88f8ed1e (No Format Information found).
[0]030C.04BC::07/10/2015-09:34:32.665 [ikeext] 120|195.195.246.153|IKE diagnostic event:
Event Header:
  Timestamp: 1601-01-01T00:00:00.000Z
  Flags: 0x00000106
    Local address field set
    Remote address field set
    IP version field set
  IP version: IPv4
  IP protocol: 0
  Local address: 191.238.115.44
  Remote address: 195.195.246.153
  Local Port: 0
  Remote Port: 0
  Application ID:
  User SID: <invalid>
Failure type: IKE/Authip Main Mode Failure
Type specific info:
  Failure error code:0x000035ed
    Negotiation timed out   Failure point: Local
  Flags: 0x00000000
  Keying module type: Ike
  MM State: First roundtrip packet sent
  MM SA role: Initiator
  MM auth method: Unknown
  Cert hash:
0000000000000000000000000000000000000000
  MM ID: 0x0000000000000078
  MM Filter ID: 0x000000000001167f
  Local Principal Name:
  Remote Principal Name:
  Local Principal Group SIDs:
  Remote Principal Group SIDs:


From the azure gateway log i can see that the failure point is local and "Negotiation timed out" . Not sure what does this mean.
Have rang the fortigate Support and they mentioned all the settings are correct from the fortigate side and they gave up the issue.

Thank you very much and i really appreciate your help towards resolving this issue.

Search
Viewing all articles
Browse latest Browse all 6513
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>