daisuk
New Member
August 12, 2025
Question

IPSec Dial Up V2 with cert auth and radius (windows NPS + AD)


Hi, does anyone have experience setting up a VPN for this use case? I need some guidance on how to set it up correctly, as I am currently facing an issue where the RADIUS server responds with reason code = 3 (access-reject). This issue only happens when using version 2 and not version 1 (aggressive mode + XAuth). Thanks in advance!

1 reply

knaveenkumar
Staff
August 12, 2025

Hello.

FortiGate dial-up IPsec tunnels can be configured as IKEv2 with RADIUS authentication. Note that EAP will need to be configured even if LDAP is used, as IKEv2 requires EAP. LDAP will be a result of a 'translation' from RADIUS EAP to LDAP if that is possible.

Please refer to the documents below:

=======================

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IKEv2-dialup-IPsec-tunnel-with-RADIUS-server/ta-p/191040

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IKEv2-Dialup-IPsec-tunnel-with-RADIUS-and/ta-p/220818

Debug commands:

===================

diag debug reset
diag debug enable
diag debug application ike -1
diag debug application fnbamd -1

-Naveen
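
Added example, not part of the original reply and not Fortinet code: because IKEv2 requires EAP, a useful check when comparing the working and failing tunnels is which authentication attributes the RADIUS Access-Request actually carries. This Python sketch parses an Access-Request (RFC 2865 layout) taken from a capture and reports whether it uses EAP-Message (RFC 3579) or a password attribute; the sample packets and the name `alice` are constructed, and the zeroed authenticator fields are placeholders, not valid values.

```python
import struct

# RADIUS attribute types (RFC 2865 / RFC 3579) and a few EAP method types
USER_PASSWORD, CHAP_PASSWORD, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 2, 3, 79, 80
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

def parse_attributes(packet):
    """Return (type, value) pairs from a RADIUS packet, rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("RADIUS length field does not match the data")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        a_type, a_len = packet[pos], packet[pos + 1]
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def classify_request(packet):
    """Name the authentication method an Access-Request carries."""
    attrs = parse_attributes(packet)
    if packet[0] != 1:
        raise ValueError("not an Access-Request (code %d)" % packet[0])
    types = {t for t, _ in attrs}
    if EAP_MESSAGE in types:
        # RFC 3579: any packet with EAP-Message must also carry Message-Authenticator
        if MESSAGE_AUTHENTICATOR not in types:
            return "EAP-Message without Message-Authenticator"
        # An EAP packet may be split over several attributes; join them in order
        eap = b"".join(v for t, v in attrs if t == EAP_MESSAGE)
        name = EAP_TYPES.get(eap[4], "type %d" % eap[4]) if len(eap) >= 5 else "no type"
        return "EAP (%s)" % name
    if USER_PASSWORD in types:
        return "PAP"
    if CHAP_PASSWORD in types:
        return "CHAP"
    return "no password or EAP attribute"

def build_sample(code, attrs):
    """Build a constructed RADIUS packet (zeroed authenticator) for the demo."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: EAP-Response/Identity for "alice", and a PAP request
EAP_IDENTITY = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
SAMPLE_EAP = build_sample(1, [(1, b"alice"), (79, EAP_IDENTITY), (80, bytes(16))])
SAMPLE_PAP = build_sample(1, [(1, b"alice"), (2, bytes(16))])
```

If the request is EAP, the NPS network policy that matches it has to allow the EAP method shown; a policy that only permits password methods will not match.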