"Cannot identify peer for encrypted connection"

Advanced search

[gsandorx]

Hi,
I have to set up a site-to-site VPN between my CP gateway, and a FORTIGATE 200A.
When I ping one of the remote internal addresses ,SmartView Tracker is reports me the following error:
"encryption failure: Cannot identify peer for encrypted connection (VPN error 01)"
When I ping from the other side (the remote site), i get the same message but with (VPN error 04).

I'm using NG R55 with AI HFA20.

Any ideas?

Thanks,
Sandor

[juve]

Are you using simplified mode or traditional mode policies? If using traditional mode, double-click the encrypt on the rule and make sure the correct gateway is assigned as peer. Also check that routing is set towards the external gateway for the VPN subnet and that the encryption domain of the remote firewall is setup correctly on the interoperable device.

[gsandorx]

i'm using traditional-mode.

>> "Also check that routing is set towards the external gateway for the VPN subnet"

i don't get this. do you mean that i have to update my Fw's routing table to contains the remote VPN domain. i mean, if the remote domain is 192.168.1.0/24 i have to have a route to reach that subnet???

[juve]

you don't need an explicit route, unless you have a more general route pointing towards the inside or dmz. If you have a route sending 192.168.0.0/16 towards the lan, the firewall thinks 192.168.1.0/24 is also on the lan and this has an impact on encryption. If you don't have any route in the routing table, the default gateway is selected anyway.

• Articles
• Knowledge base