Azure Site-to-Site VPN and Fortigate IPSec Phase 2 error on SA re-establishment - "peer SA proposal not match local policy"

azure fortigate azure-vpn

The solution is to install a custom IPSec policy with Azure VPN Gateway as described in this Azure troubleshooting document. Make sure you pick compatible policy options (I chose AES256/SHA256 everywhere) and disable PFS. THe how-to is described here. When you follow the guide you will by default have no IPSec Policy installed - this is counter-intuitive as the gateway of course has a policy, but it is the default one and thus hidden. Just follow the guide.

Upvote or comment if you feel this has saved you some head banging.

Related

HA-Proxy errors in configuration file
Varnish - How can I set TTL in response header?
Microsoft SQL server backup : restoring data to one table
Kernel IP forwarding not enabled for ethernet interface on boot
How do I access AWS instances created by other users in my organization?
Is delegated DNS server authoritative server?
How to block DNS over HTTPS using IPtables
How to add a range of IPs in Debian 10?
Windows firewall, netsh, block all ips from a text file
App Engine Restarts
Same NFS share on different clients with different local users
How to find someone's personal best? (fastest time in a race?)