Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jlim11
Staff
Staff

Created on ‎04-16-2024 11:24 PM

Article Id 310104

Troubleshooting Tip: The IPsec VPN tunnel not coming up, with debug message 'ignoring IKE request, interface is administratively down'

Description

This article explains why the debug error message appears when the IPsec tunnel is not going up:

debug.PNG
This issue happens while IPSEC VPN settings are properly configured, and the Physical interface is up(In this example, It is port1):

 

interface cli.PNG

 

port1 nic up.PNG
Scope FortiGate.
Solution

The debug error message is referring to the actual IPSEC tunnel interface, not the physical interface.
Changing the status to 'Enabled' or 'Up'  will fix the issue.


To check the status of the IPSEC tunnel interface.

From GUI:

 

interface gui ipsec down.PNG

 

status disabled gui.PNG

 

From CLI:

 

ipsec interface down cli.PNG
For this particular issue, It is more likely that the changes were done administratively.

It is possible to confirm when the changes were made, or who made the changes under the System Event Logs.

 

System event logs.PNG
233
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.