IP Sec tunnel between SOPHOS XG and Fortinet not being UP

Hi,

I was trying to make a Sophos to Fortinet IPsec VPN. It's not established. When I was trying to collect the strongSwan logs, I got this message. Can someone guide me on how to resolve the issue?

2022-01-20 11:28:21 15[NET] <site1-1|42973> sending packet: from X.X.X.X[500] to X.X.X.X[500] (1482 bytes)
2022-01-20 11:29:36 15[IKE] <site1-1|42973> giving up after 5 retransmits
2022-01-20 11:29:36 15[DMN] <site1-1|42973> [GARNER-LOGGING] (child_alert) ALERT: IKE message (7C0021C0) retransmission to X.X.X.X timed out
2022-01-20 11:29:36 15[DMN] <site1-1|42973> [GARNER-LOGGING] (child_alert) ALERT: peer did not respond to initial message 2
2022-01-20 11:29:36 15[IKE] <site1-1|42973> peer not responding, trying again (4/0)
2022-01-20 11:29:36 15[IKE] <site1-1|42973> initiating IKE_SA site1-1[42973] to X.X.X.X
2022-01-20 11:29:36 15[ENC] <site1-1|42973> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2022-01-20 11:29:36 15[NET] <site1-1|42973> sending packet: from X.X.X.X[500] to X.X.X.X[500] (1482 bytes)


  • Hello there,

    Thank you for contacting the Sophos Community.

    Based on the log, it does look like the other device isn’t responding to our packets.

    Since we aren’t seeing any reply to the packets, you would first need to check on the other device whether it has misconfigured DNAT rules, and what the logs on their end say when the tunnel is trying to be established.

    Regards,
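
The reading of the log given in the reply above can be reproduced mechanically. This is an added example, not part of the original thread or of any Sophos tooling: it tallies sent and received packets per IKE_SA in strongSwan-style log lines and flags SAs that gave up without a single reply. The sample log is constructed, modeled on the lines in the question, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the log lines in the question (addresses
# masked as in the post); the site2-1 lines are invented for contrast.
SAMPLE_LOG = """\
2022-01-20 11:28:21 15[NET] <site1-1|42973> sending packet: from X.X.X.X[500] to X.X.X.X[500] (1482 bytes)
2022-01-20 11:29:36 15[IKE] <site1-1|42973> giving up after 5 retransmits
2022-01-20 11:29:36 15[IKE] <site1-1|42973> peer not responding, trying again (4/0)
2022-01-20 11:29:36 15[ENC] <site1-1|42973> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
2022-01-20 11:29:36 15[NET] <site1-1|42973> sending packet: from X.X.X.X[500] to X.X.X.X[500] (1482 bytes)
2022-01-20 11:30:02 09[NET] <site2-1|77> sending packet: from X.X.X.X[500] to X.X.X.X[500] (464 bytes)
2022-01-20 11:30:02 09[NET] <site2-1|77> received packet: from X.X.X.X[500] to X.X.X.X[500] (440 bytes)
"""

# Fields: timestamp, thread[subsystem], <connection|IKE_SA id>, message
LINE = re.compile(r"^\S+ \S+ \d+\[(\w+)\] <([^|>]+)\|(\d+)> (.*)$")

def summarize(log_text):
    """Tally packets sent/received and give-ups per (connection, IKE_SA id)."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0, "gave_up": 0, "exchange": None})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not tied to an IKE_SA
        subsys, conn, sa_id, msg = m.groups()
        s = stats[(conn, sa_id)]
        if subsys == "NET" and msg.startswith("sending packet"):
            s["sent"] += 1
        elif subsys == "NET" and msg.startswith("received packet"):
            s["received"] += 1
        elif subsys == "IKE" and msg.startswith("giving up after"):
            s["gave_up"] += 1
        elif subsys == "ENC" and msg.startswith("generating "):
            s["exchange"] = msg.split()[1]  # e.g. IKE_SA_INIT
    return dict(stats)

def diagnose(s):
    """Classify one IKE_SA's tallies."""
    if s["sent"] and not s["received"]:
        # Only outbound traffic: the pattern the reply identifies in the log
        return "peer silent" if s["gave_up"] else "waiting for reply"
    return "peer replying"

if __name__ == "__main__":
    for (conn, sa_id), s in summarize(SAMPLE_LOG).items():
        print(conn, sa_id, s, "->", diagnose(s))
```

A "peer silent" result at the IKE_SA_INIT exchange means no reply of any kind was logged, which is why the next step is on the remote side: its DNAT rules and its own logs.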