opocta
Staff
April 20, 2015

Technical Note: L2TP disconnections due to out-of-order packets


Description

L2TP over IPsec is prone to failures and disconnections caused by data compression when MS CHAP is used as the authentication protocol and packets arrive at the FortiGate unit out of order. This is observed especially when a higher amount of traffic flows through the tunnel, typically with RDP connections.


Solution

To resolve this issue, disable MS CHAP on the client (usually MS Windows).

MS Windows 7: go to the connection properties of the L2TP/IPsec tunnel and select the Security tab. Disable MS CHAP as shown below. No configuration change is needed on the FortiGate side.

[Screenshot: opocta_FD36470_tn_FD36470.jpg]