0
votes

I am trying to connect my Google Cloud VPC to a secure network via a VPN.

I am unable to connect, and the log shows the following:

D  generating IKE_AUTH response 1 [ N(AUTH_FAILED) ] 
D  no matching peer config found 
D  looking for peer configs matching YYY.YYY.YYY.YYY[%any]...XXX.XXX.XXX.XXX[192.168.0.2] 
D  parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) AUTH SA TSi TSr ] 
D  received packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[4500] (204 bytes) 
D  sending packet: from YYY.YYY.YYY.YYY[500] to XXX.XXX.XXX.XXX[500] (440 bytes) 
D  generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ] 
D  remote host is behind NAT 
I  XXX.XXX.XXX.XXX is initiating an IKE_SA 

What am I missing? The peer network gateway IP is configured as XXX.XXX.XXX.XXX and my Google Cloud IP is YYY.YYY.YYY.YYY.

The steps I followed to create the VPN are described at the following link: https://cloud.google.com/compute/docs/vpn/creating-vpns#creating_a_gateway_and_a_tunnel_for_an_auto_mode_vpc_network_using_only_the_gateway_subnet

What could be wrong?

All the configuration is as per the settings mentioned in the document: https://cloud.google.com/files/CloudVPNGuide-UsingCloudVPNwithFortinetFortiGate300C.pdf

2
It seems it is because Google Cloud Platform VPN doesn't support NAT Traversal. - sanjay
1:1 NAT is supported by Google Cloud VPN. The logs you attached aren't enough to understand what the problem is. - Avinoam Meir
NAT-Traversal wasn't supported. Had checked with Google Support. - sanjay
@sanjay If my answer below was correct, please both upvote and accept it. Thanks! - Alex

2 Answers

0
votes

Looks like you have NAT-T enabled; unfortunately, it's not supported.

EDIT 2019-03-14: NAT-T is now supported with the correct configuration.

-1
votes

generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]

You have an authentication problem.

Usually this problem is due to a misconfigured pre-shared key. Have you double checked it?
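
An added example, not part of the original posts: a small Python triage of the responder log lines quoted in the question. It reports whether the peer was detected behind NAT, which identity the peer presented compared with the address its packets came from, and which log line records the failure. The names `triage`, `LOOKUP` and `SAMPLE_LOG` are hypothetical, and the sample input is the question's own (already masked) log.

```python
import ipaddress
import re

# Log lines copied from the question (newest first, addresses masked by the poster).
SAMPLE_LOG = """\
D  generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
D  no matching peer config found
D  looking for peer configs matching YYY.YYY.YYY.YYY[%any]...XXX.XXX.XXX.XXX[192.168.0.2]
D  parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) AUTH SA TSi TSr ]
D  received packet: from XXX.XXX.XXX.XXX[4500] to YYY.YYY.YYY.YYY[4500] (204 bytes)
D  remote host is behind NAT
I  XXX.XXX.XXX.XXX is initiating an IKE_SA
"""

# local_addr[local_id]...peer_addr[peer_id]
LOOKUP = re.compile(
    r"looking for peer configs matching (\S+?)\[(.*?)\]\.\.\.(\S+?)\[(.*?)\]")

def triage(log_text):
    """Summarise an IKEv2 responder log: NAT, peer identity, failure line."""
    facts = {"peer_behind_nat": False, "peer_addr": None, "peer_id": None,
             "id_differs_from_addr": None, "peer_id_is_private": None,
             "failure": None}
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        if "remote host is behind NAT" in line:
            facts["peer_behind_nat"] = True
        m = LOOKUP.search(line)
        if m:
            _, _, facts["peer_addr"], facts["peer_id"] = m.groups()
            facts["id_differs_from_addr"] = facts["peer_addr"] != facts["peer_id"]
            try:
                # A private-range identity is what a NATed gateway typically
                # sends when it uses its own interface address as IDi.
                facts["peer_id_is_private"] = ipaddress.ip_address(
                    facts["peer_id"]).is_private
            except ValueError:
                facts["peer_id_is_private"] = False  # FQDN or other ID type
        # The config-lookup line is more specific than the generic notify,
        # so it wins regardless of log ordering.
        if "no matching peer config found" in line:
            facts["failure"] = "no_matching_peer_config"
        elif "N(AUTH_FAILED)" in line and facts["failure"] is None:
            facts["failure"] = "auth_failed"
    return facts

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the question's log this shows the peer presenting the identity `192.168.0.2` while its packets arrive from `XXX.XXX.XXX.XXX`, with the failure logged at the peer-config lookup.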