{"id":4217,"date":"2018-01-17T17:22:52","date_gmt":"2018-01-17T08:22:52","guid":{"rendered":"https:\/\/www.syuheiuda.com\/?p=4217"},"modified":"2020-04-11T16:22:09","modified_gmt":"2020-04-11T07:22:09","slug":"azure-vpn-gateway-%e3%81%a8-fortigate-%e3%81%a7-vpn-%e3%81%8c%e3%81%a4%e3%81%aa%e3%81%8c%e3%82%89%e3%81%aa%e3%81%84%e3%83%bb%e4%b8%8d%e5%ae%89%e5%ae%9a%e3%81%aa%e5%a0%b4%e5%90%88%e3%81%ae%e3%83%88","status":"publish","type":"post","link":"https:\/\/www.syuheiuda.com\/?p=4217","title":{"rendered":"Azure VPN Gateway \u3068 Fortigate \u3067 VPN \u304c\u3064\u306a\u304c\u3089\u306a\u3044\u5834\u5408\u306e\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u65b9\u6cd5"},"content":{"rendered":"<p>\u3069\u3053\u306e\u3054\u5bb6\u5ead\u306b\u3082\u3042\u308b\u4e00\u822c\u7684\u306a Fortigate 100E \u3067 Azure \u3068 VPN \u306e\u63a5\u7d9a\u691c\u8a3c\u3092\u3057\u3066\u307f\u305f\u306e\u3067\u3001\u500b\u4eba\u7684\u306a\u30e1\u30e2\u3068\u3057\u3066\u6b8b\u3057\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n<h2>\u5404\u7a2e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8<\/h2>\n<ul>\n<li>\u30b5\u30a4\u30c8\u9593 VPN \u30b2\u30fc\u30c8\u30a6\u30a7\u30a4\u63a5\u7d9a\u7528\u306e VPN \u30c7\u30d0\u30a4\u30b9\u3068 IPsec\/IKE \u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u306b\u3064\u3044\u3066<br \/><a href=\"https:\/\/docs.microsoft.com\/ja-jp\/azure\/vpn-gateway\/vpn-gateway-about-vpn-devices\">https:\/\/docs.microsoft.com\/ja-jp\/azure\/vpn-gateway\/vpn-gateway-about-vpn-devices<\/a><\/li>\n<li>IPsec VPN to Microsoft Azure<br \/><a href=\"http:\/\/cookbook.fortinet.com\/ipsec-vpn-microsoft-azure-56\/\">http:\/\/cookbook.fortinet.com\/ipsec-vpn-microsoft-azure-56\/<\/a><\/li>\n<li>IPsec VPN troubleshooting<br \/><a href=\"http:\/\/cookbook.fortinet.com\/ipsec-vpn-troubleshooting\/\">http:\/\/cookbook.fortinet.com\/ipsec-vpn-troubleshooting\/<\/a><\/li>\n<\/ul>\n<p>\u4e0a\u8a18\u306e\u516c\u5f0f\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u306b\u3082\u8a18\u8f09\u304c\u3042\u308a\u307e\u3059\u304c\u3001Azure \u7684\u306b\u306f FortiOS 5.6 \u304c\u6700\u5c0f\u8981\u4ef6\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002<br \/><strong><span style=\"color: #ff0000;\">FortiOS 5.6 \u3088\u308a\u53e4\u3044\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u3092\u4f7f\u3063\u3066\u3044\u308b\u5834\u5408\u3001VPN \u30c8\u30f3\u30cd\u30eb\u304c\u5f35\u308c\u3066\u3044\u308b\u306e\u306b\u3082\u95a2\u308f\u3089\u305a\u901a\u4fe1\u304c\u901a\u3089\u306a\u3044\u306a\u3069<br \/>\u8907\u6570\u306e\u65e2\u77e5\u306e\u554f\u984c\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u307e\u3059\u306e\u3067\u3001\u5fc5\u305a FortiOS 5.6 \u4ee5\u964d\u306e\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u306b\u66f4\u65b0\u3057\u3066\u304b\u3089\u4f7f\u3044\u307e\u3057\u3087\u3046\u3002<\/span><\/strong><\/p>\n<p>\u307e\u305f\u3001Fortigate \u3068\u306f IKEv2 \u3067\u63a5\u7d9a\u3059\u308b\u306e\u3067\u3001Azure \u5074\u306f\u30eb\u30fc\u30c8\u30d9\u30fc\u30b9\u306e\u30b2\u30fc\u30c8\u30a6\u30a7\u30a4\u3092\u4f5c\u308a\u307e\u3057\u3087\u3046\u3002<\/p>\n<h2>\u69cb\u6210\u624b\u9806<\/h2>\n<p>Cookbook \u306e\u901a\u308a\u306b\u8a2d\u5b9a\u3059\u308c\u3070\u3064\u306a\u304c\u3063\u305f\u306e\u3067\u7701\u7565\u3002<\/p>\n<h2>VPN \u30c8\u30f3\u30cd\u30eb\u3092\u30af\u30ea\u30a2<\/h2>\n<pre>diagnose vpn ike restart\ndiagnose vpn ike gateway clear<\/pre>\n<h2>\u30d1\u30b1\u30c3\u30c8\u63a1\u53d6<\/h2>\n<p>\u3068\u308a\u3042\u3048\u305a\u30d1\u30b1\u30c3\u30c8\u63a1\u53d6\u304b\u3089\u3002100E \u306f\u30b9\u30c8\u30ec\u30fc\u30b8\u3092\u7a4d\u3093\u3067\u306a\u3044\u306e\u3067\u3001CLI \u3067\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u3066\u3001<a href=\"http:\/\/kb.fortinet.com\/kb\/viewAttachment.do?attachID=fgt2eth.exe&amp;documentID=11186\">fgt2eth<\/a> \u3067 pcap \u306b\u5909\u63db\u3059\u308c\u3070\u826f\u3055\u305d\u3046\u3002<\/p>\n<ul>\n<li>Technical Note : \u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u30c4\u30fc\u30eb: \u30d1\u30b1\u30c3\u30c8\u30ad\u30e3\u30d7\u30c1\u30e3\u30b3\u30de\u30f3\u30c9 (Japanese version only)<br \/><a href=\"http:\/\/kb.fortinet.com\/kb\/microsites\/search.do?cmd=displayKC&amp;docType=kc&amp;externalId=FD33124\">http:\/\/kb.fortinet.com\/kb\/microsites\/search.do?cmd=displayKC&amp;docType=kc&amp;externalId=FD33124<\/a><\/li>\n<\/ul>\n<pre>FG100E # diagnose sniffer packet any \"\" 6<\/pre>\n<pre>fgt2eth.exe -in &lt;\u4e0a\u8a18\u3067\u30ad\u30e3\u30d7\u30c1\u30e3\u3057\u305f\u30c6\u30ad\u30b9\u30c8 \u30d5\u30a1\u30a4\u30eb&gt; -out packet.pcap<\/pre>\n<h2>VPN \u30c8\u30f3\u30cd\u30eb\u3092\u78ba\u8a8d<\/h2>\n<p>\u307e\u305a\u521d\u3081\u306b\u3001\u30c8\u30f3\u30cd\u30eb\u306e\u4e00\u89a7\u3092\u53d6\u5f97\u3057\u3066\u73fe\u72b6\u3092\u78ba\u8a8d\u3002\u4ee5\u4e0b\u306f\u63a5\u7d9a\u3067\u304d\u3066\u3044\u306a\u3044\u5834\u5408\u306e\u4f8b\u3067\u3059\u3002<\/p>\n<pre><strong>FG100E # diagnose vpn tunnel list<\/strong>\nlist all ipsec tunnel in vd 0\n------------------------------------------------------\nname=Azure ver=2 serial=1 ff.ff.ff.ff:0-&gt;aa.aa.aa.aa:0\nbound_if=7 lgwy=static\/1 tun=intf\/0 mode=auto\/1 encap=none\/8 options[0008]=npu\nproxyid_num=1 child_num=0 refcnt=9 ilast=0 olast=0 ad=\/0 itn-status=a1\nstat: rxp=0 txp=0 rxb=0 txb=0 \/\/\u5207\u65ad\u72b6\u614b\u306a\u306e\u3067\u3001TX\/RX \u3068\u3082\u306b 0 \u306b\u306a\u3063\u3066\u3044\u307e\u3059\ndpd: mode=on-idle on=0 idle=20000ms retry=3 count=0 seqno=129956\nnatt: mode=none draft=0 interval=0 remote_port=0\nproxyid=Azure proto=0 sa=0 ref=1 serial=1\n src: 0:0.0.0.0\/0.0.0.0:0\n dst: 0:0.0.0.0\/0.0.0.0:0<\/pre>\n<p>\u6b63\u5e38\u306b\u63a5\u7d9a\u51fa\u6765\u3066\u3044\u308b\u72b6\u614b\u3060\u3068\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u7d50\u679c\u306b\u306a\u308b\u306f\u305a\u3002<\/p>\n<pre><strong>FG100E # diagnose vpn tunnel list<\/strong>\nlist all ipsec tunnel in vd 0\n------------------------------------------------------\nname=Azure ver=2 serial=1 xx.xx.xx.xx:0-&gt;yy.yy.yy.yy:0\nbound_if=7 lgwy=static\/1 tun=intf\/0 mode=auto\/1 encap=none\/8 options[0008]=npu\nproxyid_num=1 child_num=0 refcnt=12 ilast=6 olast=3 ad=\/0 itn-status=a2\nstat: rxp=3 txp=2 rxb=312 txb=168 \/\/\u63a5\u7d9a\u6e08\u307f\u3067\u3042\u308c\u3070\u30d1\u30b1\u30c3\u30c8\u304c\u30ab\u30a6\u30f3\u30c8\u3055\u308c\u3066\u3044\u307e\u3059\ndpd: mode=on-idle on=1 idle=20000ms retry=3 count=0 seqno=129979\nnatt: mode=none draft=0 interval=0 remote_port=0\nproxyid=Azure proto=0 sa=1 ref=3 serial=1\n src: 0:0.0.0.0\/0.0.0.0:0\n dst: 0:0.0.0.0\/0.0.0.0:0\n\n \/\/\u5148\u307b\u3069\u307e\u3067\u8868\u793a\u3055\u308c\u3066\u3044\u306a\u304b\u3063\u305f SA \u306e\u60c5\u5831\u304c\u8ffd\u52a0\u3067\u51fa\u3066\u3044\u307e\u3059\n SA: ref=6 options=10026 type=00 soft=0 mtu=1438 expire=26584\/0B replaywin=1024\n seqno=3 esn=0 replaywin_lastseq=00000003 itn=0\n life: type=01 bytes=0\/0 timeout=26731\/27000\n dec: spi=101af04b esp=aes key=32 47f48f9be216cd73b0583d192569138e2a44480dfca10e7b41a833f2b565bb3c\n ah=sha1 key=20 8da6cf572039a77cc454e39d294d47842f4fa71c\n enc: spi=b9c6a7b0 esp=aes key=32 d8361980da39eab24e49527f2b1c08ac0583114d7b94228d98b465e1c3366dce\n ah=sha1 key=20 88442398c9fb9fff1d76f6d0fc029ccdf9b50763\n dec:pkts\/bytes=3\/96, enc:pkts\/bytes=2\/304\n npu_flag=03 npu_rgwy=aa.aa.aa.aa npu_lgwy=ff.ff.ff.ff npu_selid=0 dec_npuid=1 enc_npuid=1<\/pre>\n<h2>\u30c7\u30d0\u30c3\u30b0\u30ed\u30b0\u306e\u6709\u52b9\u5316<\/h2>\n<p>\u30c8\u30f3\u30cd\u30eb\u304c\u6b63\u3057\u304f\u5f35\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u306a\u3069\u306f\u3001IKE \u306e\u30c7\u30d0\u30c3\u30b0 \u30ed\u30b0\u3092\u6709\u52b9\u5316\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n<p>\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0 \u30ac\u30a4\u30c9\u306b\u306f 2 \u30d1\u30bf\u30fc\u30f3\u66f8\u304b\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u305d\u308c\u305e\u308c\u4f55\u304c\u9055\u3046\u3093\u3060\u308d\u3046\uff65\uff65\uff65\u3002(Phase 1, 2 ?)<\/p>\n<pre class=\"CLI_Syntax_0\">diag vpn ike log\u00a0\ndiag debug app ike -1\ndiag debug enable<\/pre>\n<p>\u30c7\u30d0\u30c3\u30b0 \u30ed\u30b0\u3092\u6b62\u3081\u308b\u5834\u5408\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u3002(\u4ee5\u964d\u306e\u624b\u9806\u3067\u3082\u540c\u69d8)<\/p>\n<pre>diagnose debug reset\ndiagnose debug disable<\/pre>\n<h2>PSK \u306e\u4e0d\u4e00\u81f4<\/h2>\n<p>PSK \u304c\u9593\u9055\u3063\u3066\u3044\u308b\u5834\u5408\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u660e\u78ba\u306b pre-shared key mismatch \u306e\u30ed\u30b0\u304c\u51fa\u307e\u3059\u3002<\/p>\n<pre>ike 0:Azure:230: <span style=\"color: #ff0000;\"><strong>PSK auth failed: probable pre-shared key mismatch<\/strong><\/span>\n<span style=\"color: #ff0000;\"><strong>ike Negotiate SA Error<\/strong><\/span>: ike ike [6253]<\/pre>\n<h2>Proposal Mismatch<\/h2>\n<p>SA \u306e Proposal \u304c\u4e00\u81f4\u3057\u306a\u3044 (mismatch) \u5834\u5408\u3001\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u30ed\u30b0\u304c\u51fa\u307e\u3059\u3002<\/p>\n<pre><strong>\/\/Fortigate \u304b\u3089 Azure \u3078\u63a5\u7d9a\u8981\u6c42 (SA_INIT) \u3092\u9001\u4ed8<\/strong>\nike 0:Azure:781: sent IKE msg (SA_INIT): ff.ff.ff.ff:500-&gt;aa.aa.aa.aa:500, len=252, id=c9b9112fd4614416\/0000000000000000\nike 0: comes aa.aa.aa.aa:500-&gt;ff.ff.ff.ff:500,ifindex=7....\nike 0: IKEv2 exchange=SA_INIT_RESPONSE id=c9b9112fd4614416\/d00184a2a68d4b91 len=36\nike 0: in C9B9112FD4614416D00184A2A68D4B91292022200000000000000024000000080000000E\n\n<strong>\/\/Azure \u304b\u3089\u5fdc\u7b54\u3092\u53d7\u4fe1<\/strong>\nike 0:Azure:781: initiator received SA_INIT response\nike 0:Azure:781: processing notify type NO_PROPOSAL_CHOSEN\nike 0:Azure:781: malformed message\nike 0: comes aa.aa.aa.aa:500-&gt;ff.ff.ff.ff:500,ifindex=7....\nike 0: IKEv2 exchange=SA_INIT id=d4455f39cff0dd02\/0000000000000000 len=620\nike 0: in D4455F39CFF0DD02000000000000000021202208000000000000026C220001040200002C010100040300000C0100000C800E01000300000803000002030000080200000200000008040000020200002C020100040300000C0100000C800E0100030000080300000C030000080200000500000008040000020200002C030100040300000C0100000C800E00800300000803000002030000080200000200000008040000020200002C040100040300000C0100000C800E0080030000080300000C030000080200000500000008040000020200002805010004030000080100000303000008030000020300000802000002000000080400000200000028060100040300000801000003030000080300000C0300000802000005000000080400000228000088000200004191FDF37EC6B68E1EFC9C40EDCE63919DE238DCD0A45B2B165EE30D6B0050953F4D4617E4449B4E96D455DEB34660FBA90308D82D11F29726B1BE27DB39DDC1605A2AC986F00D7F150649C954FA56ECC0183F1020FEFBCDA895F5A8EF33D959F0C1685C81AE533F1FE4904E2F8E9C4A300E8CD7795D1232910E68C852CAD9DE2900003499BE0BCCC36A0A9785CD1A2648ACB60B6E04D55DD3164797685AA6B06722E13D17CDACB1039FA8C7F01A697901B453442900001C000040048BF34E42B5DCB2F629EA1E8D91A7C71CB30388ED2B00001C00004005727E19E5CC569747EC22A6DD9CC63D94AA49EE642B0000181E2B516905991C7D7C96FCBFB587E461000000092B000014FB1DE3CDF341B7EA16B7E5BE0855F1202B00001426244D38EDDB61B3172A36E3D0CFB8190000001801528BBBC00696121849AB9A1C5B2A5100000002\nike 0:d4455f39cff0dd02\/0000000000000000:782: responder received SA_INIT msg\nike 0:d4455f39cff0dd02\/0000000000000000:782: received notify type NAT_DETECTION_SOURCE_IP\nike 0:d4455f39cff0dd02\/0000000000000000:782: received notify type NAT_DETECTION_DESTINATION_IP\n\n<strong>\/\/Azure \u5074\u304b\u3089\u53d7\u3051\u53d6\u3063\u305f proposal<\/strong>\nike 0:d4455f39cff0dd02\/0000000000000000:782: incoming proposal:\nike 0:d4455f39cff0dd02\/0000000000000000:782: proposal id = 1:\nike 0:d4455f39cff0dd02\/0000000000000000:782:   protocol = IKEv2:\nike 0:d4455f39cff0dd02\/0000000000000000:782:      encapsulation = IKEv2\/none\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=ENCR, val=AES_CBC (key_len = 256)\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=INTEGR, val=AUTH_HMAC_SHA_96\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=PRF, val=PRF_HMAC_SHA\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=DH_GROUP, val=MODP1024.\nike 0:d4455f39cff0dd02\/0000000000000000:782: proposal id = 2:\nike 0:d4455f39cff0dd02\/0000000000000000:782:   protocol = IKEv2:\nike 0:d4455f39cff0dd02\/0000000000000000:782:      encapsulation = IKEv2\/none\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=ENCR, val=AES_CBC (key_len = 256)\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=INTEGR, val=AUTH_HMAC_SHA2_256_128\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=PRF, val=PRF_HMAC_SHA2_256\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=DH_GROUP, val=MODP1024.\nike 0:d4455f39cff0dd02\/0000000000000000:782: proposal id = 3:\nike 0:d4455f39cff0dd02\/0000000000000000:782:   protocol = IKEv2:\nike 0:d4455f39cff0dd02\/0000000000000000:782:      encapsulation = IKEv2\/none\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=ENCR, val=AES_CBC (key_len = 128)\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=INTEGR, val=AUTH_HMAC_SHA_96\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=PRF, val=PRF_HMAC_SHA\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=DH_GROUP, val=MODP1024.\nike 0:d4455f39cff0dd02\/0000000000000000:782: proposal id = 4:\nike 0:d4455f39cff0dd02\/0000000000000000:782:   protocol = IKEv2:\nike 0:d4455f39cff0dd02\/0000000000000000:782:      encapsulation = IKEv2\/none\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=ENCR, val=AES_CBC (key_len = 128)\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=INTEGR, val=AUTH_HMAC_SHA2_256_128\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=PRF, val=PRF_HMAC_SHA2_256\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=DH_GROUP, val=MODP1024.\nike 0:d4455f39cff0dd02\/0000000000000000:782: proposal id = 5:\nike 0:d4455f39cff0dd02\/0000000000000000:782:   protocol = IKEv2:\nike 0:d4455f39cff0dd02\/0000000000000000:782:      encapsulation = IKEv2\/none\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=ENCR, val=3DES_CBC\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=INTEGR, val=AUTH_HMAC_SHA_96\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=PRF, val=PRF_HMAC_SHA\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=DH_GROUP, val=MODP1024.\nike 0:d4455f39cff0dd02\/0000000000000000:782: proposal id = 6:\nike 0:d4455f39cff0dd02\/0000000000000000:782:   protocol = IKEv2:\nike 0:d4455f39cff0dd02\/0000000000000000:782:      encapsulation = IKEv2\/none\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=ENCR, val=3DES_CBC\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=INTEGR, val=AUTH_HMAC_SHA2_256_128\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=PRF, val=PRF_HMAC_SHA2_256\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=DH_GROUP, val=MODP1024.\n\n<strong>\/\/Fortigate \u5074\u306e proposal<\/strong>\nike 0:d4455f39cff0dd02\/0000000000000000:782: my proposal, gw Azure:\nike 0:d4455f39cff0dd02\/0000000000000000:782: proposal id = 1:\nike 0:d4455f39cff0dd02\/0000000000000000:782:   protocol = IKEv2:\nike 0:d4455f39cff0dd02\/0000000000000000:782:      encapsulation = IKEv2\/none\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=ENCR, val=DES_CBC\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=INTEGR, val=AUTH_HMAC_MD5_96\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=PRF, val=PRF_HMAC_MD5\nike 0:d4455f39cff0dd02\/0000000000000000:782:         type=DH_GROUP, val=MODP1024.\n\n<strong>\/\/no proposal chosen \u3067 Fortigate \u3068 Azure \u306e proposal \u304c\u4e00\u81f4\u3057\u306a\u3044\u305f\u3081\u30a8\u30e9\u30fc\u306b\u306a\u3063\u3066\u3044\u308b<\/strong>\nike 0:d4455f39cff0dd02\/0000000000000000:782: lifetime=28800\nike 0:d4455f39cff0dd02\/0000000000000000:782: <span style=\"color: #ff0000;\"><strong>no proposal chosen<\/strong><\/span>\n<span style=\"color: #ff0000;\"><strong>ike Negotiate SA Error<\/strong><\/span>: ike ike  [9697]<\/pre>\n<p>\u6b63\u5e38\u306a\u5834\u5408\u306e\u30ed\u30b0\u306f\u4ee5\u4e0b\u3002<\/p>\n<pre><strong>\/\/Fortigate \u304b\u3089 Azure \u3078\u63a5\u7d9a\u8981\u6c42 (SA_INIT) \u3092\u9001\u4ed8<\/strong>\nike 0:Azure:815: sent IKE msg (SA_INIT): ff.ff.ff.ff:500-&gt;aa.aa.aa.aa:500, len=340, id=a773817d787e06a4\/0000000000                                                                                                                        000000\nike 0: comes aa.aa.aa.aa:500-&gt;ff.ff.ff.ff:500,ifindex=7....\nike 0: IKEv2 exchange=SA_INIT_RESPONSE id=a773817d787e06a4\/5d4182e9c4e71157 len=364\nike 0: in A773817D787E06A45D4182E9C4E7115721202220000000000000016C220000300000002C010100040300000C0100000C800E0100030                                                                                                                        000080300000203000008020000020000000804000002280000880002000041168ABAA25B349FEF74B97112D464ACBDD24E9D415DB600ADA95C48                                                                                                                        F9FB09DD63388A7C14FDBF75EA926F25A97DFED9BDE66FD5E614A7B3FA0E6E72C4D25F018B709EFECFCDCADD3D3407B3821658A63EC9B9396EDCC                                                                                                                        AAFC79B68362928275364452E4513CD12AAD700846D45E52A8C91B3DF1168BE4A28BFCCCA1030949CAD29000034C2C8CB225C4F02C82BA41D222F                                                                                                                        C47318C9BB968E42109586814018DD44781D172DA7821374A5C71FF61120A6D5D8ADE92900001C0000400412B129D9A38E93680D50A89633A517B                                                                                                                        C0DF692582B00001C0000400572B08CE048FE1A5A0644D512093F674262CDEACE2B0000181E2B516905991C7D7C96FCBFB587E461000000090000                                                                                                                        0014FB1DE3CDF341B7EA16B7E5BE0855F120\n\n<strong>\/\/Azure \u304b\u3089\u5fdc\u7b54\u3092\u53d7\u4fe1<\/strong>\nike 0:Azure:815: initiator received SA_INIT response\nike 0:Azure:815: processing notify type NAT_DETECTION_SOURCE_IP\nike 0:Azure:815: ignoring unauthenticated notify payload (NAT_DETECTION_SOURCE_IP)\nike 0:Azure:815: processing notify type NAT_DETECTION_DESTINATION_IP\nike 0:Azure:815: ignoring unauthenticated notify payload (NAT_DETECTION_DESTINATION_IP)\n\n<strong>\/\/Azure \u5074\u304b\u3089\u53d7\u3051\u53d6\u3063\u305f proposal<\/strong>\nike 0:Azure:815: incoming proposal:\nike 0:Azure:815: proposal id = 1:\nike 0:Azure:815:   protocol = IKEv2:\nike 0:Azure:815:      encapsulation = IKEv2\/none\nike 0:Azure:815:         type=ENCR, val=AES_CBC (key_len = 256)\nike 0:Azure:815:         type=INTEGR, val=AUTH_HMAC_SHA_96\nike 0:Azure:815:         type=PRF, val=PRF_HMAC_SHA\nike 0:Azure:815:         type=DH_GROUP, val=MODP1024.\n\n<strong>\/\/Fortigate \u5074\u3068\u4e00\u81f4\u3057\u305f proposal<\/strong>\nike 0:Azure:815: matched proposal id 1\nike 0:Azure:815: proposal id = 1:\nike 0:Azure:815:   protocol = IKEv2:\nike 0:Azure:815:      encapsulation = IKEv2\/none\nike 0:Azure:815:         type=ENCR, val=AES_CBC (key_len = 256)\nike 0:Azure:815:         type=INTEGR, val=AUTH_HMAC_SHA_96\nike 0:Azure:815:         type=PRF, val=PRF_HMAC_SHA\nike 0:Azure:815:         type=DH_GROUP, val=MODP1024.\n\n<strong>\/\/INITIAL-CONTACT \u3092\u9001\u4ed8<\/strong>\nike 0:Azure:815: lifetime=28800\nike 0:Azure:815: IKE SA a773817d787e06a4\/5d4182e9c4e71157 SK_ei 32:936D0D524FBD63007463875227CCF5EBF8E57329DEB3CAA91E                                                                                                                        3E2EB2E888CD10\nike 0:Azure:815: IKE SA a773817d787e06a4\/5d4182e9c4e71157 SK_er 32:47962985DA68DEB918F4046430BE910B47081089B99EF38507                                                                                                                        1C0B517A3B0AAA\nike 0:Azure:815: IKE SA a773817d787e06a4\/5d4182e9c4e71157 SK_ai 20:289FE8FA93A7F8428E837BFBAF9C0DEAB3315E65\nike 0:Azure:815: IKE SA a773817d787e06a4\/5d4182e9c4e71157 SK_ar 20:CCA087CA7FFBC1F6F89A56A6EF762EEDA60EA9D4\nike 0:Azure:815: initiator preparing AUTH msg\nike 0:Azure:815: <span style=\"color: #339966;\"><strong>sending INITIAL-CONTACT<\/strong><\/span><\/pre>\n<p>\u3042\u3001\u5f53\u7136\u3067\u3059\u304c Fortigate \u306e\u30b3\u30f3\u30d5\u30a3\u30b0\u3068\u304b\u30c8\u30e9\u30d6\u30eb\u30b7\u30e5\u30fc\u30c6\u30a3\u30f3\u30b0\u306f Fortinet \u793e\u306b\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u306d\u3002MS \u304b\u3089\u5404\u793e\u306e VPN \u30c7\u30d0\u30a4\u30b9\u306b\u3064\u3044\u3066\u6b63\u5f0f\u306a\u56de\u7b54\u3068\u304b\u3067\u304d\u308b\u306f\u305a\u3082\u306a\u3044\u306e\u3067\u3001\u305d\u306e\u8fba\u306f\u662f\u975e\u3068\u3082\u7a7a\u6c17\u8aad\u3093\u3067\u304f\u3060\u3055\u3044\u307e\u305b\u3002<\/p>\n<p>\u307e\u305f\u6c17\u304c\u5411\u3044\u305f\u3089\u8ffd\u8a18\u3057\u307e\u3059\u3002<\/p>\n<h2>\u305d\u306e\u4ed6<\/h2>\n<p>Azure VPN Gateway \u5074\u3067\u3082\u30ed\u30b0\u304c\u53d6\u308c\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u305f\u306e\u3067\u3001\u4ee5\u4e0b\u3082\u4f75\u305b\u3066\u3069\u3046\u305e\u3002<\/p>\n<p><blockquote class=\"wp-embedded-content\" data-secret=\"2tzXrdt2Hv\"><a href=\"https:\/\/www.syuheiuda.com\/?p=4495\">Azure \u3068\u306e VPN \u63a5\u7d9a\u304c\u3046\u307e\u304f\u3044\u304b\u306a\u3044\u5834\u5408\u306e\u30c7\u30d0\u30c3\u30b0\u65b9\u6cd5<\/a><\/blockquote><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" src=\"https:\/\/www.syuheiuda.com\/?p=4495&#038;embed=true#?secret=2tzXrdt2Hv\" data-secret=\"2tzXrdt2Hv\" width=\"600\" height=\"338\" title=\"&#8220;Azure \u3068\u306e VPN \u63a5\u7d9a\u304c\u3046\u307e\u304f\u3044\u304b\u306a\u3044\u5834\u5408\u306e\u30c7\u30d0\u30c3\u30b0\u65b9\u6cd5&#8221; &#8212; Made in container\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n\n\n<p>\u3042\u3068\u3001Jazug Night \u3067\u767b\u58c7\u3057\u305f\u969b\u306b\u66f4\u306b\u8a73\u3057\u3044\u8a71\u3092\u3057\u305f\u306e\u3067\u3001\u4ee5\u4e0b\u306e\u30b9\u30e9\u30a4\u30c9 P.64 &#8211; 73 \u3084 YouTube \u306e\u9332\u753b (1:03:36 &#8211; 1:18:50) \u3082\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<figure class=\"wp-block-embed-slideshare wp-block-embed is-type-rich is-provider-slideshare wp-embed-aspect-1-1 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"\u30b5\u30dd\u30fc\u30c8 \u30a8\u30f3\u30b8\u30cb\u30a2\u304c Azure Networking \u3092\u3058\u3063\u304f\u308a\u305f\u3063\u3077\u308a\u8a9e\u308a\u3064\u304f\u3059\u4f1a\" src=\"https:\/\/www.slideshare.net\/slideshow\/embed_code\/key\/4XGONsILdvDGj6\" width=\"427\" height=\"356\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" style=\"border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;\" allowfullscreen> <\/iframe> <div style=\"margin-bottom:5px\"> <strong> <a href=\"https:\/\/www.slideshare.net\/ShuheiUda\/azure-networking-165852712\" title=\"\u30b5\u30dd\u30fc\u30c8 \u30a8\u30f3\u30b8\u30cb\u30a2\u304c Azure Networking \u3092\u3058\u3063\u304f\u308a\u305f\u3063\u3077\u308a\u8a9e\u308a\u3064\u304f\u3059\u4f1a\" target=\"_blank\">\u30b5\u30dd\u30fc\u30c8 \u30a8\u30f3\u30b8\u30cb\u30a2\u304c Azure Networking \u3092\u3058\u3063\u304f\u308a\u305f\u3063\u3077\u308a\u8a9e\u308a\u3064\u304f\u3059\u4f1a<\/a> <\/strong> from <strong><a href=\"https:\/\/www.slideshare.net\/ShuheiUda\" target=\"_blank\">ShuheiUda<\/a><\/strong> <\/div>\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"\u7b2c21\u56de Tokyo Jazug Night\" width=\"860\" height=\"484\" src=\"https:\/\/www.youtube.com\/embed\/YMAV8aqb9pk?start=3816&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>\u3069\u3053\u306e\u3054\u5bb6\u5ead\u306b\u3082\u3042\u308b\u4e00\u822c\u7684\u306a Fortigate 100E \u3067 Azure \u3068 &hellip;<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"https:\/\/www.syuheiuda.com\/?p=4217\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_locale":"","_original_post":""},"categories":[42,43,31],"tags":[],"views":65840,"_links":{"self":[{"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=\/wp\/v2\/posts\/4217"}],"collection":[{"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4217"}],"version-history":[{"count":30,"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=\/wp\/v2\/posts\/4217\/revisions"}],"predecessor-version":[{"id":5297,"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=\/wp\/v2\/posts\/4217\/revisions\/5297"}],"wp:attachment":[{"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4217"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4217"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syuheiuda.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4217"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}