fabs
Visitor III
June 12, 2025
Question

FortiClientVPN Dialup IPsec SAML EntraID within the same network

Hello all,

We use IPsec Dialup VPN with SAML via EntraID. When I try to connect via IPsec VPN inside the same network in which the Fortigate is located, I get the error "ERR_EMPTY_RESPONSE" when calling SAML.
Is this expected behavior? If not, what could be the issue and how can I fix it?
If I'm connected outside of my Fortigate, everything works fine.


Similarly, we also have an SSL VPN via SAML EntraID and the login works within the same network.

Also, the Single Sign-On settings for the IPsec SAML look similar to the SSL SAML.


Fortigate: v7.6.3 build3510
FortiClientVPN 7.4.2.1737 / 7.4.3

Best Regards

fabs

1 reply

funkylicious
SuperUser
June 12, 2025

hi,

maybe something in here could help with your issue.

also, i assume the ike-saml-port used for IPsec is different from the port used in SSLVPN?

"jack of all trades, master of none"
fabs
Author
Visitor III
June 12, 2025

@funkylicious
Thanks for your reply. The thread you mentioned was originally from me, but this issue is related to something else.

Yes, SSL SAML and IPsec SAML have different ports.

fabs
Author
Visitor III
June 12, 2025

Btw, if I use my iPhone via WiFi within the same network with the latest FortiClientVPN, I get the error prompt "The network connection was lost."