smkml
Staff
December 16, 2024

Troubleshooting Tip: Remote Access Topology in VPN Manager install failed

Description

This article describes how to troubleshoot an installation failure when using a Remote Access topology in VPN Manager.

Related error:


FGT-HUB $ config vpn ipsec phase1-interface
FGT-HUB (phase1-interface) $ edit "test-rem_0"
FGT-HUB (test-rem_0) $ set type dynamic
FGT-HUB (test-rem_0) $ set interface "port1"
FGT-HUB (test-rem_0) $ set ike-version 2
FGT-HUB (test-rem_0) $ set comments "[created by FMG VPN Manager]"
FGT-HUB (test-rem_0) $ set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
FGT-HUB (test-rem_0) $ set keylife 28800
FGT-HUB (test-rem_0) $ set peertype any
FGT-HUB (test-rem_0) $ set mode-cfg enable
FGT-HUB (test-rem_0) $ set net-device disable
FGT-HUB (test-rem_0) $ set assign-ip-from name
FGT-HUB (test-rem_0) $ set ipv4-dns-server1 172.21.167.163
FGT-HUB (test-rem_0) $ set ipv4-split-include "MGT_NETWORK"
FGT-HUB (test-rem_0) $ set ipv4-name "test-ip"
entry not found in datasource
value parse error before 'test-ip'
Command fail. Return code -3
FGT-HUB (test-rem_0) $ set psksecret **********
FGT-HUB (test-rem_0) $ next
Must set IPv4 or IPv6 name.
object check operator error, -45, discard the setting
Command fail. Return code 1
FGT-HUB (phase1-interface) $ end

Scope

FortiManager, FortiGate.

Solution

  1. VPN Manager Remote Access Topology configuration: Go to VPN Manager -> Create New -> Remote Access.

  2. Gateway configuration: After creating the Remote Access community, add a gateway via VPN Manager -> Select Remote Access community -> Create New -> Managed Gateway.

  3. Specifically, enable IP Assignment and use Address/Address Group mode: go to VPN Manager -> Select Remote Access community -> Created gateway -> Enable IP Assignment -> Select Address/Address Group in IP Assignment mode.

  4. Ensure the Client Address Range address is an IP Range type address. Go to Policy & Objects -> Object Configurations -> Firewall Objects -> Addresses.

  5. Selecting any other type will cause the installation to fail. FortiGate's own behavior confirms this: when the corresponding selection command is run on the FortiGate, it offers only IP Range type addresses.
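
The check in steps 4 and 5 can be run against a configuration export before installing. The following is an added example, not code from the original article or from Fortinet: it parses FortiOS-style `config`/`edit`/`set` text and reports every phase1-interface whose `ipv4-name` points at an address that is not of type `iprange`. The function names and the sample configuration are constructed for illustration, values are assumed to fit on one line, and a reference that is not in `firewall address` (for example an address group) is reported as `not-an-address` for manual review.

```python
import shlex
# Constructed sample in FortiOS "show" syntax; object names follow the log on this page.
SAMPLE = '''
config firewall address
    edit "test-ip"
        set subnet 10.10.10.0 255.255.255.0
    next
    edit "test-range"
        set type iprange
        set start-ip 10.10.10.10
        set end-ip 10.10.10.50
    next
end
config vpn ipsec phase1-interface
    edit "test-rem_0"
        set assign-ip-from name
        set ipv4-name "test-ip"
    next
end
'''

def parse_tables(text):
    """Return {top-level config path: {entry name: {key: [values]}}}."""
    tables, path, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                path, entry = " ".join(tok[1:]), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = tables.setdefault(path, {}).setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]  # nested sub-tables (depth > 1) are skipped
    return tables

def bad_pool_refs(text):
    """(tunnel, address, type) for each mode-cfg ipv4-name that is not an iprange address."""
    tables = parse_tables(text)
    addrs, bad = tables.get("firewall address", {}), []
    for name, p1 in tables.get("vpn ipsec phase1-interface", {}).items():
        if p1.get("assign-ip-from") == ["name"] and (ref := p1.get("ipv4-name", [None])[0]):
            # "show" output omits "set type" for the default type, ipmask (subnet).
            kind = addrs[ref].get("type", ["ipmask"])[0] if ref in addrs else "not-an-address"
            if kind != "iprange":
                bad.append((name, ref, kind))
    return bad
```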