JTOLvF2
New Member
September 17, 2018
Question

FortiClient versions >6.0.0 fail IPSec connections


Tried with both versions 6.0.1 and 6.0.2. Both fail with IPSec VPN connections. Only 6.0.0 works.

 

Grabbing logs from the receiving fortigate always returns:

 

ike 0:FC-IPSec:276457: parse error
ike 0:FC-IPSec:276457: probable pre-shared secret mismatch

Even after changing the PSK at the FG and the FCT, it still shows this error on a debug. Reverting to 6.0.0 fixes the issue.

 

    2 replies

    Ashik_Sheik
    New Member
    September 18, 2018

    Hi 

     

    Just share both the confs; that will be helpful for us to support you. It may be a conf issue. Did you enable Mode_cfg on both the Gateway and the Client? Also match the P1 and P2 proposals.

     

    JTOLvF2
    Author
    New Member
    September 18, 2018

    FG SRA IPSec conf:

     

    config vpn ipsec phase1-interface
        edit "FC-IPSec"
            set type dynamic
            set interface "wan1"
            set peertype any
            set mode-cfg enable
            set ipv4-dns-server1 xxx
            set ipv4-dns-server2 xxx
            set proposal aes128-sha256 aes256-sha256
            set npu-offload disable
            set xauthtype auto
            set authusrgrp "IT-VPN"
            set idle-timeout enable
            set idle-timeoutinterval 10
            set ipv4-start-ip 10.133.7.100
            set ipv4-end-ip 10.133.7.150
            set ipv4-split-include "FC-IPSec_split"
            set psksecret xxx
        next
    end

    config vpn ipsec phase2-interface
        edit "FC-IPSec"
            set phase1name "FC-IPSec"
            set proposal aes128-sha256 aes256-sha256
            set pfs enable
            set dhgrp 14
            set replay enable
            set keepalive disable
            set add-route phase1
            set auto-discovery-sender phase1
            set auto-discovery-forwarder phase1
            set keylife-type seconds
            set single-source disable
            set route-overlap use-new
            set encapsulation tunnel-mode
            set comments ''
            set protocol 0
            set src-addr-type subnet
            set src-port 0
            set dst-addr-type subnet
            set dst-port 0
            set keylifeseconds 43200
            set src-subnet 0.0.0.0 0.0.0.0
            set dst-subnet 0.0.0.0 0.0.0.0
        next
    end

     

     

    The VPN settings are actually pushed down by EMS onto the clients, but for testing of the new clients I manually install the latest versions before I have users upgrade.

     

    FCT VPN settings:

     

     

    These are identical between all versions 6.0.0 and above; as I said, they are pushed out by an EMS profile. But 6.0.1 and 6.0.2 will give errors of probable pre-shared key mismatch. After reversion to 6.0.0, the PSK mismatch goes away.

    Ashik_Sheik
    New Member
    September 18, 2018

    Hi,

     

    The IPSEC configuration looks fine, and the image is missing, so please upload the FortiClient conf.

     

     

    JTOLvF2
    Author
    New Member
    September 19, 2018

    EMS doesn't allow me to pull the config, and it's a pain to change and push the profile. Here's a screen capture.