Reference
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/33578/configurable-ike-port
Situation
Main Mode IKE uses UDP port 500, while Aggressive Mode uses UDP port 4500.
Some ISPs block these two ports to prevent unauthorized IPsec connections, so the IKE port needs to be changed.
Solution
config system settings
set ike-port 6000
end
Troubleshooting
[1]
# Check the parameters
get vpn ike gateway
[2]
# Check whether phase 1 is up
diagnose vpn ike gateway list name "Your_Tunnel_Name"
> status: Established(Phase1 Success)
> status: Connecting(Phase1 Fail)
[3]
# Clear old debug settings
diagnose debug reset
# Add timestamps to the debug output
diagnose debug console timestamp enable
# Enable IKE module debug (all information)
diagnose debug application ike -1
# Turn on debug output
diagnose debug enable
# Clear old debug settings
diagnose debug reset
# Turn off debug output
diagnose debug disable
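
One way to automate the phase 1 check from step [2], as an added example that is not part of the original note: it parses saved `diagnose vpn ike gateway list` output and reports gateways that are not established or whose local port differs from the configured ike-port. The sample output is constructed, its field layout (`addr:`, `status:`) is an assumption, and `Backup_Tunnel` and the addresses are placeholders.

```python
import re

# Constructed sample modeled on "diagnose vpn ike gateway list" output.
# The field layout is an assumption; names and addresses are placeholders.
SAMPLE = """\
vd: root/0
name: Your_Tunnel_Name
addr: 192.0.2.1:6000 -> 198.51.100.2:6000
  direction: initiator
  status: established 5-5s ago = 0ms

vd: root/0
name: Backup_Tunnel
addr: 192.0.2.1:500 -> 203.0.113.9:500
  direction: initiator
  status: connecting
"""

NAME_RE = re.compile(r"^name:\s*(\S+)", re.M)
ADDR_RE = re.compile(r"^addr:\s*\S+:(\d+)\s*->\s*\S+:(\d+)", re.M)
STATUS_RE = re.compile(r"^\s*status:\s*(\w+)", re.M)

def check_gateways(text, ike_port):
    """Return {gateway name: [problems]} for each gateway block in the output."""
    report = {}
    # Each gateway block is assumed to start with a "vd:" line.
    for block in re.split(r"(?m)^(?=vd:)", text):
        name = NAME_RE.search(block)
        if not name:
            continue
        problems = []
        addr = ADDR_RE.search(block)
        if addr is None:
            problems.append("no addr line")
        elif int(addr.group(1)) != ike_port:
            problems.append(f"local port {addr.group(1)} != ike-port {ike_port}")
        status = STATUS_RE.search(block)
        state = status.group(1).lower() if status else "unknown"
        if state != "established":
            problems.append(f"phase 1 {state}")
        report[name.group(1)] = problems
    return report

if __name__ == "__main__":
    for gw, problems in check_gateways(SAMPLE, 6000).items():
        print(gw, "OK" if not problems else "; ".join(problems))
```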