IPSec settings for non FortiClient

Forum|Forum|10 years ago
December 9, 2015
1 reply
4327 views

I have a client with a vendor who insists on using their own IPSec client. I'm getting phase1 errors in the log.

Dialup IPSec was created with the wizard. What settings should a non-FortiClient user have?

emnoc

New Member

What phase1 errors are you seeing? that would determine the issue(s);

e.g

PSK mismatches

proposal no match

etc..

If your in doubt on the proposal enable a few others and see if the clients get out of the phase1-errors

e.g

AES128 and 192 and 256 and 3DES

SHA1 and MD5

Your debug diagnostic should most of what the client is sending and you need to match the proposal.

http://socpuppet.blogspot...-trouble-shooting.html

Ken

ede_pfau

SuperUser

Would be helpful to name the other vendor as others might have experience with their products.

For example, there are clients that use IKEv2, default on a Fortigate is IKEv1. It still is capable of doing IKEv2, you just have to know in advance what the client expects.

CyberNorrisAuthor

New Member

I have no idea what client they are using. All I have seen is phase1 failure, not sure why.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded