Moving from SSL VPN to IPSec and IKE V2 and NO CHANCE AT ALL - whats wrong, why removing SSL VPN

Hi there,

I have been struggling for months to replace SSL VPN with IPsec. We have a production environment with a 90G running 7.4.5 (we cannot change the OS yet because we still have not been able to migrate successfully to IPsec) and around 100 remote users connecting with LDAP and FortiToken. For the last 4 years we have had ZERO problems with SSL VPN.

For about 4 months now, we have been internally testing IPsec, and we run into problems almost every week. Fortinet support recently suggested switching to IKEv2, so I decided to test this in a lab environment using an FG50G and FortiClient.

Initially, I started with FortiOS 7.4.13 and FortiClient 7.0.12. With IKEv1 I was able to get the tunnel working and successfully ping the LAN. However, once I started testing IKEv2, the problems began.

I then upgraded to FortiOS 7.6.6 and FortiClient 7.4.3 (which supposedly should be free of known bugs), but I still cannot get it working correctly. The VPN tunnel comes UP, but I cannot ping the LAN, and FortiClient always shows 0 bytes received.

Is there not a specific cookbook or reference configuration that guarantees a stable and fully working IPsec setup with FortiOS 7.x and FortiClient 7.x using IKEv2?

Thanks!