Skip to Content

How to fix ADVPN error ‘auto-discovery-receiver is disabled, ignoring’

By: Author Alex Lim

Posted on

Categories Troubleshooting

This article describes the solution for the error ‘auto-discovery-receiver is disabled, ignoring’ that appears during an IKE debug with ADVPN setup.

Scope

FortiGate.

Solution

This error appears while troubleshooting an IPsec tunnel using the IKE debug command:

diagnose debug application ike -1
diagnose debug console timestamp enable
diagnose debug enable

The error in the debug output is as follows:

FortiGate-100F # ike shrank heap by 135168 bytes
ike shrank heap by 135168 bytes
ike shrank heap by 135168 bytes
ike 0: comes 157.96.26.132:500->132.132.132.1:500,ifindex=7,vrf=0....
ike 0: IKEv2 exchange=INFORMATIONAL id=51dc17629bb3c0b7/726060f434b96957 len=208
ike 0: in 51DC17629BB3C0B7726060F434B969572E20250000000000000000D0290000B4ED5FF8EB28C9AA3FF3EAEB8766B80CB8DD2B5A140105C1623234399EB04ACA66E4F30D6152D42226B91D9A6C5164D6958952A45123859D25C89DFDCAEC0F334EB723F3F332AFE94E3BD39D89EDD1495902123E881DB18B0566F30A0D6F551BDBB463B67793D9FDB962E253214EE738010C733B959F24176E01D07BE1ADB1A69A61AE0CF76383EB6962E71D5DB532FF62719A2EA9A6D4902B2A2B8E612485C768420ABA506EB9B71F62AB934D65FE7158
ike 0:DC_SPOKE:0: dec 51DC17629BB3C0B7726060F434B969572E20250000000000000000A829000004000000880000F0FBEFBEADDE000000000100000000010004AC1E040100030004AC1E040500070040CA9EF39C4C5DFD0F2B5563A0D0BA0A55744EAB1EC22A6C16773D6175B7EC4B6C0CD29F5863C14DB34B238697E4BA4799CFFA3EDCCC550CA5CEFF422B49E8389E000B000102000000000C000100010000000D000485858501000F000201F40000
ike 0:DC_SPOKE:0: received informational request
ike 0:DC_SPOKE:0: processing notify type SHORTCUT_OFFER
ike 0:DC_SPOKE: auto-discovery-receiver is disabled, ignoring <- - - - - -
ike 0:DC_SPOKE:0: enc 0F0E0D0C0B0A0908070605040302010F
ike 0:DC_SPOKE:0: out 51DC17629BB3C0B7726060F434B969572E2025280000000000000050000000347FC7486FA94DC5E045BE867EFE2C30C36C515A8DEA8482F025F517608D5605CF4E377FD17536C4477C4231D5C235AD15
ike 0:DC_SPOKE:0: sent IKE msg (INFORMATIONAL_RESPONSE): 132.132.132.1:500->157.96.26.132:500, len=80, vrf=0, id=51dc17629bb3c0b7/726060f434b96957

Enable network-id on the ADVPN Hub and Spoke tunnel in the VPN configuration using the following command to solve this. The network-id should match the Hub and Spoke, but the network-id can be anything

ADVPN Hub:

config vpn ipsec phase1-interface
edit <phase1-name>
set network-overlay enable
set network-id 10
end

ADVPN Spoke:

config vpn ipsec phase1-interface
edit <phase1-name>
set network-overlay enable
set network-id 10
end