
Please can someone show me how I can resolve this log issue?

2018-01-08 19:34:50 14[DMN] [GARNER-LOGGING] (child_alert) ALERT: received IKE message with invalid SPI (E481A30) from other side
2018-01-08 19:34:50 06[IKE] <Appzone_FS-1|812> sending retransmit 4 of request message ID 0, seq 1
2018-01-08 19:34:50 06[APP] <Appzone_FS-1|812> [COP-UPDOWN][DB] (db_conn_info) hostname: 'Appzone_FS' result --> id: '2', mode: 'ntn', tunnel_type: '0', subnet_family:'0'
2018-01-08 19:34:50 06[APP] <Appzone_FS-1|812> [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode set_timer_mail_updown -s nosync -t json -b '{"event":"down","conn":"Appzone_FS","local_net":"x.1x.x.x","remote_net":"x.1x.x.x","reason":"1"}'': success 0
2018-01-08 19:34:50 06[NET] <Appzone_FS-1|812> sending packet: from 1x.x.x.1[500] to 52.191.112.129[500] (240 bytes)
2018-01-08 19:34:53 14[NET] <1791> received packet: from 173.204.228.250[500] to 197.211.47.107[500] (228 bytes)
2018-01-08 19:34:53 14[ENC] <1791> parsed ID_PROT request 0 [ SA V V V V V V V ]
2018-01-08 19:34:53 14[IKE] <1791> no IKE config found for x.1x.x.x...x.1x.x.x, sending NO_PROPOSAL_CHOSEN
2018-01-08 19:34:53 14[ENC] <1791> generating INFORMATIONAL_V1 request 2497488881 [ N(NO_PROP) ]
2018-01-08 19:34:53 14[NET] <1791> sending packet: from x.1x.x.x[500] to x.1x.x.x[500] (40 bytes)
2018-01-08 19:34:57 06[DMN] [GARNER-LOGGING] (child_alert) ALERT: received IKE message with invalid SPI (E481A30) from other side
2018-01-08 19:35:10 06[DMN] [GARNER-LOGGING] (child_alert) ALERT: received IKE message with invalid SPI (E481A30) from other side

  • Hi Ohis,

    Please turn off the debug log.

    Please check if your Phase1 Parameters do match with the other gateway.

    And check if you entered the IP in "remote Gateway" correctly.

    Yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

  • Thank you for the reply. I've followed your recommendation to the extent of checking the parameters one by one, but the error still shows in the log.

    Though Phase 1 gets established after cross-checking the connection, I have still not been able to establish my VPN connection between my Sophos XG firewall and the FortiGate firewall.

  • Hi Ohis,

    Then please share the IPsec log with debugging disabled.

    Yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner

  • Hello Ina,

    Find the logs below:

    2018-01-09 11:40:34 16[ENC] <Appzone_FS-1|554> generating ID_PROT request 0 [ SA V V V V V ]
    2018-01-09 11:40:34 16[NET] <Appzone_FS-1|554> sending packet: from x.x.x.x[500] to x.x.x.x[500] (252 bytes)
    2018-01-09 11:40:34 17[NET] <Appzone_FS-1|554> received packet: from x.x.x.x[500] to x.x.x.x[500] (172 bytes)
    2018-01-09 11:40:34 17[ENC] <Appzone_FS-1|554> parsed ID_PROT response 0 [ SA V V V V ]
    2018-01-09 11:40:34 17[IKE] <Appzone_FS-1|554> received DPD vendor ID
    2018-01-09 11:40:34 17[ENC] <Appzone_FS-1|554> received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
    2018-01-09 11:40:34 17[IKE] <Appzone_FS-1|554> received FRAGMENTATION vendor ID
    2018-01-09 11:40:34 17[IKE] <Appzone_FS-1|554> received FRAGMENTATION vendor ID
    2018-01-09 11:40:34 17[ENC] <Appzone_FS-1|554> generating ID_PROT request 0 [ KE No ]
    2018-01-09 11:40:34 17[NET] <Appzone_FS-1|554> sending packet: from x.x.x.x[500] to x.x.x.x[500] (260 bytes)
    2018-01-09 11:40:34 24[NET] <Appzone_FS-1|554> received packet: from x.x.x.x[500] to x.x.x.x[500] (244 bytes)
    2018-01-09 11:40:34 24[ENC] <Appzone_FS-1|554> parsed ID_PROT response 0 [ KE No ]
    2018-01-09 11:40:34 24[ENC] <Appzone_FS-1|554> generating ID_PROT request 0 [ ID HASH ]
    2018-01-09 11:40:34 24[NET] <Appzone_FS-1|554> sending packet: from x.x.x.x[500] to x.x.x.x[500] (92 bytes)
    2018-01-09 11:40:34 21[NET] <Appzone_FS-1|554> received packet: from x.x.x.x[500] to x.x.x.x[500] (92 bytes)
    2018-01-09 11:40:34 21[ENC] <Appzone_FS-1|554> parsed ID_PROT response 0 [ ID HASH ]
    2018-01-09 11:40:34 21[IKE] <Appzone_FS-1|554> IDir 'x.x.x.x' does not match to 'x.x.x.x'
    2018-01-09 11:40:34 21[IKE] <Appzone_FS-1|554> deleting IKE_SA Appzone_FS-1[554] between x.x.x.x[x.x.x.x]...x.x.x.x[%any]
    2018-01-09 11:40:34 21[IKE] <Appzone_FS-1|554> sending DELETE for IKE_SA Appzone_FS-1[554]
    2018-01-09 11:40:34 21[ENC] <Appzone_FS-1|554> generating INFORMATIONAL_V1 request 318455793 [ HASH D ]
    2018-01-09 11:40:34 21[NET] <Appzone_FS-1|554> sending packet: from x.x.x.x[500] to x.x.x.x[500] (108 bytes)
    2018-01-09 11:40:35 20[DMN] [GARNER-LOGGING] (child_alert) ALERT: received IKE message with invalid SPI (66AF1C8E) from other side
    The result of the packet capture from the Sophos:

    10:40:38.891222 Port2, OUT: IP x.x.x.x > x.x.x.x.500: isakmp: phase 1 I ident
    10:40:43.759764 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:40:47.763232 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:40:54.967229 Port2, OUT: IP x.x.x.x.500 > x.x.x.x: isakmp: phase 1 I ident
    10:40:54.977209 Port2, IN: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:40:54.977801 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 2/others R inf
    10:41:07.931189 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:41:31.263236 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:41:54.475870 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:41:58.483187 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:42:04.998812 Port2, IN: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:42:04.999480 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 2/others R inf
    10:42:05.691245 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:42:08.983560 Port2, IN: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:42:08.984166 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 2/others R inf
    10:42:12.982913 Port2, IN: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:42:12.983531 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 2/others R inf
    10:42:13.259190 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident
    10:42:18.659204 Port2, OUT: IP x.x.x.x.500 > x.x.x.x.500: isakmp: phase 1 I ident


    19 packets captured
    21 packets received by filter
    0 packets dropped by kernel

  • Hi Ohis,

    I think this is the relevant line:


    2018-01-09 11:40:34 21[IKE] <Appzone_FS-1|554> IDir 'x.x.x.x' does not match to 'x.x.x.x'

    The ID you configured does not match the ID with which the Fortinet tried to authenticate.

    If the numbers in the log line are the same, maybe it is the wrong format.

    Example: the expected ID type in UTM is "IPv4" and your Fortinet sends ID type "Hostname" filled with an IP address (looks the same in the logging).


    Yours Lukas

    lna@cema

    SCA (utm+xg), SCSE, SCT

    Sophos Platinum Partner
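
    As an added example (my own code, not from this thread, Sophos, or strongSwan), here is a small Python triage script that runs the checks Lukas describes over log lines in the charon format shown above. It flags the "invalid SPI" and "no IKE config found" lines from the first post as well as the "IDir ... does not match" line from the later log, and when the two IDs in that line print identically it points at the ID type (IPv4 vs. hostname) as the likely difference. The rule categories, hint texts and the sample lines are my own constructions; only the message texts the rules match are taken from the logs on the page.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shape used by the charon (strongSwan) IKE daemon logs shown in the thread:
#   2018-01-09 11:40:34 21[IKE] <Appzone_FS-1|554> IDir 'x.x.x.x' does not match to 'x.x.x.x'
# The "<conn|id>" part is absent on [DMN] alert lines, so it is optional here.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<thread>\d+)\[(?P<subsys>[A-Z]+)\] "
    r"(?:<(?P<conn>[^>]*)> )?"
    r"(?P<msg>.*)$"
)

# (category, pattern, hint). Category names and hint texts are my own labels
# (assumption); the message texts they match are the ones charon writes.
RULES = [
    ("peer_id_mismatch",
     re.compile(r"IDir '(?P<got>[^']*)' does not match to '(?P<want>[^']*)'"),
     "peer authenticated with a remote ID that differs from the configured one"),
    ("no_matching_config",
     re.compile(r"no IKE config found for"),
     "no connection matches this local/remote gateway pair; check the remote gateway IP"),
    ("invalid_spi",
     re.compile(r"received IKE message with invalid SPI \((?P<spi>[0-9A-Fa-f]+)\)"),
     "peer referenced an IKE SA this side does not hold (stale or already deleted SA)"),
    ("retransmit",
     re.compile(r"sending retransmit (?P<n>\d+) of request"),
     "no reply from peer; check reachability and UDP/500 (UDP/4500 with NAT-T)"),
    ("ike_sa_deleted",
     re.compile(r"deleting IKE_SA"),
     "phase 1 was torn down; the preceding line usually carries the reason"),
]


@dataclass
class Finding:
    ts: str
    conn: Optional[str]
    category: str
    hint: str
    detail: Dict[str, str] = field(default_factory=dict)


def parse_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one charon log line into its fields, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines) -> List[Finding]:
    """Run every rule over the message part of each line; first match wins."""
    findings: List[Finding] = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        for category, pattern, hint in RULES:
            m = pattern.search(rec["msg"])
            if not m:
                continue
            detail = m.groupdict()
            if category == "peer_id_mismatch" and detail["got"] == detail["want"]:
                # Same text on both sides: the value matches, so the ID *type*
                # (IPv4 address vs. hostname/FQDN) is the likely difference.
                hint = ("IDs print identically, so the ID type probably differs "
                        "(e.g. IPv4 address on one side, hostname/FQDN on the other)")
            findings.append(Finding(rec["ts"], rec["conn"], category, hint, detail))
            break
    return findings


def summarize(findings: List[Finding]) -> Counter:
    """Count findings per category for a quick overview."""
    return Counter(f.category for f in findings)


# Constructed sample in the same format as the thread's logs (addresses masked).
SAMPLE_LOG = """\
2018-01-08 19:34:50 14[DMN] [GARNER-LOGGING] (child_alert) ALERT: received IKE message with invalid SPI (E481A30) from other side
2018-01-08 19:34:50 06[IKE] <Appzone_FS-1|812> sending retransmit 4 of request message ID 0, seq 1
2018-01-08 19:34:50 06[NET] <Appzone_FS-1|812> sending packet: from x.x.x.x[500] to x.x.x.x[500] (240 bytes)
2018-01-08 19:34:53 14[IKE] <1791> no IKE config found for x.x.x.x...x.x.x.x, sending NO_PROPOSAL_CHOSEN
2018-01-09 11:40:34 21[IKE] <Appzone_FS-1|554> IDir 'x.x.x.x' does not match to 'x.x.x.x'
2018-01-09 11:40:34 21[IKE] <Appzone_FS-1|554> deleting IKE_SA Appzone_FS-1[554] between x.x.x.x[x.x.x.x]...x.x.x.x[%any]
2018-01-09 11:40:35 20[DMN] [GARNER-LOGGING] (child_alert) ALERT: received IKE message with invalid SPI (66AF1C8E) from other side
""".splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.ts} {f.conn or '-':<18} {f.category:<20} {f.hint}")
    print(dict(summarize(found)))
```

    Run it against the IPsec log exported with debugging disabled (as Lukas asks for above); the `invalid_spi` lines on their own are usually a symptom of the phase 1 teardown recorded just before them, so the `peer_id_mismatch` or `no_matching_config` finding that precedes them is the one to act on.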

  • Hi and welcome to the UTM Community!

    There are very few people participating here that have extensive knowledge about XG - Lukas is one of them. You should post your XG questions in the XG Community.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'd check the VPN IDs on both sides, i.e. hostname/IP address/email address.

  • Hello,

    Thanks Ina and everyone that contributed. I just resolved the issue by replacing the FortiGate with a Cisco router; the VPN was established almost immediately, giving me the conclusion that the only mismatch error I've been getting is equipment compatibility.

    Thank you so much
