Karim_Hussam
New Member
April 8, 2026
Question

FortiGate IPsecVPN (IKEv2) - LDAP Authentication is NOT WORKING


Based on this article here

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-EAP-TTLS-for-IPSec-IKEv2-tunnels-in/ta-p/408602

I know you've tried more than once to bring the tunnel up with IKEv2 and LDAP authentication, and it didn't work.


First, I would like to thank my friend @Mohamedh219 for his amazing effort in putting together that article.

Here is a solution that worked for me, based on this Japanese article:

https://licensecounter.jp/engineer-voice/blog/articles/20260331_fortigate_ipsec_vpnikev2_-_ldapforticlient_vpn_-.html

All you have to do is set the tunnel's transport protocol to TCP instead of UDP in the tunnel's configuration, and set the IKE TCP port to a port that you're 100% sure is open on the ISPs' side (for example 443, which is used for web browsing). Check the image below.

image.png

Also, from the FortiClient perspective: go to the VPN settings for the configured IPsec VPN, open Advanced settings under Phase 1, and change the IKE port to TCP with the same port number (443 in this case).

image.png

NOTE!!: If you already have another IPsec tunnel running over TCP instead of UDP ports 500 and 4500, that tunnel will be affected: it will go down because of the port mismatch between you and the other destination, so in that case the other destination has to change its port as well, and so on.

If changing the IKE TCP port isn't a suitable option for you, you might have to go with another solution.

And that's it!
Hope it works out! :D
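For readers who prefer the CLI over the screenshots, the following is an added example of the FortiGate side of the change described above. It is not the poster's configuration and not taken from either linked article; the tunnel name "IKEv2-LDAP", the user group "ldap-vpn-users" and the interface "wan1" are placeholders, and the `transport` / `ike-tcp-port` settings are assumed to match the current FortiOS CLI (verify the exact keywords against the CLI reference for your firmware version, since they were introduced in recent releases).

```fortios
# Added example (not the original poster's config). Placeholder names throughout.
# 1) The IKE TCP listener port is a global setting, shared by every tunnel
#    that uses TCP transport. This is why the poster's NOTE applies: changing
#    it here changes it for all TCP-transport tunnels at once.
config system settings
    set ike-tcp-port 443
end

# 2) Switch the specific IKEv2 tunnel from UDP 500/4500 to TCP transport.
#    Everything else (EAP/LDAP user group, proposals, peer settings) stays
#    as it was in the working-over-UDP configuration.
config vpn ipsec phase1-interface
    edit "IKEv2-LDAP"
        set interface "wan1"
        set ike-version 2
        set transport tcp
        set authusrgrp "ldap-vpn-users"
    next
end

# 3) Check: after FortiClient is set to IKE over TCP on the same port,
#    the gateway should appear here once the client connects.
diagnose vpn ike gateway list
```

Before picking the port, confirm that nothing else on the same interface already listens on it (for example admin HTTPS or SSL-VPN if they are bound to 443), and remember the setting is global: every tunnel with `set transport tcp` will use the new port, so all remote peers on TCP transport must move together.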