I'm having an issue trying to setup a IPSec VPN between a RB1100(v4.12) and a FortGate 331B (v4.0,build0342,120227). I have tried searching through the support forums, but have not found any helpful information as yet.
I have included logs and configs of both devices to this post. It basically dies with a "invalid length of payload/malformed or expired" error, and I'm at a total loss as to what is wrong.
Code: Select all
jul/18 16:48:39 ipsec respond new phase 1 negotiation: *MIKROTIK-IP*[500]<=>*FORTGATE-IP*[500]
jul/18 16:48:39 ipsec begin Identity Protection mode.
jul/18 16:48:39 ipsec received Vendor ID: RFC 3947
jul/18 16:48:39 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
jul/18 16:48:39 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
jul/18 16:48:39 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
jul/18 16:48:39 ipsec
jul/18 16:48:39 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
jul/18 16:48:39 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
jul/18 16:48:39 ipsec received Vendor ID: DPD
jul/18 16:48:39 ipsec Selected NAT-T version: RFC 3947
jul/18 16:48:39 ipsec Hashing *MIKROTIK-IP*[500] with algo #1
jul/18 16:48:39 ipsec NAT-D payload #0 verified
jul/18 16:48:39 ipsec Hashing *FORTGATE-IP*[500] with algo #1
jul/18 16:48:39 ipsec NAT-D payload #1 verified
jul/18 16:48:39 ipsec NAT not detected
jul/18 16:48:39 ipsec Hashing *REMOTE-IP*[500] with algo #1
jul/18 16:48:39 ipsec Hashing *FORTGATE-IP*[500] with algo #1
jul/18 16:48:39 ipsec Adding remote and local NAT-D payloads.
jul/18 16:48:39 ipsec phase1 negotiation failed due to time up. f3910b0466248ffb:db0f570033e05fba
jul/18 16:48:39 ipsec invalid length of payloadThanks very much!
