Site-to-Site VPN with DAIP Gateway fails during Packet 5 with the message "FwIkeP1FetchUser Invalid realm. aborting"
Symptoms
  • A site-to-site VPN tunnel with a Dynamically Assigned IP Address (DAIP) Security Gateway fails.
  • The $FWDIR/log/ike.elg log file shows that the negotiation stopped after receiving packet 5 from DAIP.
  • The $FWDIR/log/vpnd.elg log file shows these messages:
    [tunnel] FwIkeGetUserDNFromCerts: idType is not ID_IPV4_ADDR (9)
    [tunnel] MMProcess5: not a ccc client
    [AU] CAuthCertRules::GetUsernameFromCert (0xa649378): Extracted username from cert: 
    [ccc_core] CCCClientManager::getInstance: Enter
    [CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed
    [CLIENT_CONFIG] CCCMultiLoginOption::getRealmById: login option =
    [CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed:  does not exist
    [tunnel] FwIkeP1FetchUser Invalid realm. aborting
    [tunnel] RespMMPacketError: error in FWIKE_EXCH_MAIN_MODE - FWIKE_MM_PACKET_5_FETCH_PEER
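
A triage check for the message chain listed above, as an added example that is not Check Point code or part of the original article: it counts negotiations in a vpnd.elg file where the packet 5 "not a ccc client" line is followed by "Invalid realm. aborting" and then the FETCH_PEER main-mode error. The function names, the sample log and the assumption that one negotiation's lines are not interleaved with another's are made up for this example.

```shell
#!/bin/sh
# Added example, not vendor code. Matching is by substring, so any timestamp or
# process prefix in front of the [tunnel] tag is tolerated.
# Assumption: the lines of one IKE negotiation are not interleaved with another's.

count_invalid_realm_failures() {
    # $1: path to a vpnd.elg file (or a copy of it). Prints the number of
    # complete signatures on stdout and each match's line range on stderr.
    awk '
        /MMProcess5: not a ccc client/ { state = 1; start = NR; next }
        state == 1 && /FwIkeP1FetchUser Invalid realm\. aborting/ { state = 2; next }
        state == 2 && /RespMMPacketError: .*FWIKE_MM_PACKET_5_FETCH_PEER/ {
            hits++
            printf "match: lines %d-%d\n", start, NR > "/dev/stderr"
            state = 0
        }
        END { print hits + 0 }
    ' "$1"
}

# Constructed sample: one packet 5 that did not end in the error, one complete
# failure built from the messages in the article, and one stray line.
write_sample_log() {
    cat > "$1" <<'EOF'
[tunnel] MMProcess5: not a ccc client
[tunnel] (constructed) negotiation continues
[tunnel] FwIkeGetUserDNFromCerts: idType is not ID_IPV4_ADDR (9)
[tunnel] MMProcess5: not a ccc client
[CLIENT_CONFIG] CCCMultiLoginOption::isLoginOptionIDAllowed:  does not exist
[tunnel] FwIkeP1FetchUser Invalid realm. aborting
[tunnel] RespMMPacketError: error in FWIKE_EXCH_MAIN_MODE - FWIKE_MM_PACKET_5_FETCH_PEER
[tunnel] FwIkeP1FetchUser Invalid realm. aborting
EOF
}

# Usage on a gateway: sh this_script.sh "$FWDIR/log/vpnd.elg"
if [ "$#" -gt 0 ]; then
    count_invalid_realm_failures "$1"
fi
```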
    
Cause

The DAIP fetch did not happen because of an error return code.


Solution
Note: To view this solution you need to Sign In.