secret104278
New Member
October 17, 2019
Question

Setup both Windows Native vpn(l2tp/ipsec) and iOS Native vpn(ipsec vpn) on one fortigate

  • October 17, 2019
  • 3 replies
  • 9089 views

I want to set up a remote access VPN on my FortiGate (v6.2) for both the Windows and the iOS/macOS native clients.

I tried the Windows Native and iOS Native templates; each works well on its own.

However, when I enable both of them, only iOS Native works, and when I try to connect from Windows I see a message about the iOS Native interface in the VPN Events log. It seems like the FortiGate tries to handle the Windows VPN request with the iOS Native VPN.


Here is the actual config:

FGT81EXXXXXXXXX # show vpn ipsec phase1-interface
config vpn ipsec phase1-interface
    edit "l2tpIPsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set net-device disable
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set dpd on-idle
        set comments "VPN: l2tpIPsec (Created by VPN wizard)"
        set dhgrp 2
        set wizard-type dialup-windows
        set psksecret ENC r6a0aJ6ppiZcRsVyfZeYTfdJ4ZHw+GKaQEAmO9aEMwVYOYN5lHPqe82yzKCdQ/svXa8l/20THR9tFfrv5cFM9Rh0YJCbSCOWq8irpwx+i4BGtIpITPV9KjbUYon/I3QSNY6hZYbipreBa5oCl4zpzvxLqG9QdAsQ279DSCmrKiGKO51bDRN6vqCfBoBXta4Fhx4Ehg==
        set dpd-retryinterval 60
    next
    edit "ipsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set net-device disable
        set mode-cfg enable
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set dpd on-idle
        set comments "VPN: ipsec (Created by VPN wizard)"
        set dhgrp 14 5 2
        set wizard-type dialup-ios
        set xauthtype auto
        set authusrgrp "VPN_Group"
        set ipv4-start-ip 10.2.6.1
        set ipv4-end-ip 10.2.6.254
        set ipv4-netmask 255.255.240.0
        set dns-mode auto
        set psksecret ENC LS9k7wvjeIi0WRlv4KnQOWspzF6ycJmIUHv3D2C8d+pahHjLQ4I8mhD4bpY3VoPGLimgisSWfYfzPmgu97AmzT3AEOnaF9vqwV3j6M+MXeWtv4XhnbKSXgFwOCThnMl8cM8x9yglNXMRaOKJ/ecEaXwGuISbACeu7F45NM1TzOFFn9QAQ5FNhzOKKeh/Gd+1er/LOA==
        set dpd-retryinterval 60
    next
end

FGT81EXXXXXXXXX # show vpn ipsec phase2-interface
config vpn ipsec phase2-interface
    edit "l2tpIPsec"
        set phase1name "l2tpIPsec"
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set pfs disable
        set encapsulation transport-mode
        set l2tp enable
        set comments "VPN: l2tpIPsec (Created by VPN wizard)"
        set keylifeseconds 3600
    next
    edit "ipsec"
        set phase1name "ipsec"
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set pfs disable
        set keepalive enable
        set comments "VPN: ipsec (Created by VPN wizard)"
    next
end

3 replies

suporte1
New Member
March 2, 2020

Any luck getting this to work?


I'm trying to configure two Windows native VPNs (L2TP/IPsec), because I need different permissions on the VPNs. If I have only one configured it works; if I configure a second one, neither of them works.

suporte1
New Member
March 2, 2020

This can't be done. I found the explanation in this article:


https://kb.fortinet.com/kb/documentLink.do?externalID=FD45747

gigakun
New Member
March 26, 2020

suporte@sjosepneus.com wrote:

This can't be done. I found the explanation in this article:


https://kb.fortinet.com/kb/documentLink.do?externalID=FD45747

Hate to bump this thread, but I am also experiencing this problem. Did you find a solution? As per the article, I am attempting to set up the IPsec VPN via the GUI and trying to connect from Windows using this guide:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/299180/configuration-overview


But I'm not having any luck. Can anyone guide me?

sw2090
SuperUser
March 3, 2020

Probably you would have to tie each VPN to a remote peer ID. I ran into such issues with more than one dial-in tunnel on FGTs too. I had to separate them either by peer ID or by unique proposals.
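As an added example (not part of the original thread, and not Fortinet code): a small Python check that applies sw2090's reasoning to the `show vpn ipsec phase1-interface` output the OP posted. It parses the CLI output and flags pairs of dial-up (`type dynamic`) phase1 entries on the same interface and IKE version that both accept any peer ID and still share an IKE proposal and DH group, which is the combination the thread identifies as indistinguishable when a client sends its first IKE message. The sample is a constructed copy of the OP's two tunnels with the `psksecret` blobs redacted and some defaulted lines dropped; `SAMPLE_SEPARATED` shows one way to apply the "unique proposals" fix; the function names are mine.

```python
"""Flag dial-up IPsec phase1 entries a FortiGate cannot tell apart.

Added example for this thread, not Fortinet code. Heuristic from the thread:
two `type dynamic` phase1 entries on the same interface that both accept any
peer ID and share an IKE proposal and DH group are ambiguous.
"""
import shlex
from typing import Dict, List, Optional, Tuple

# Constructed sample modelled on the OP's config: psksecret blobs redacted,
# a few defaulted lines (dpd, net-device, mode-cfg details) left out.
SAMPLE_SHOW_OUTPUT = """\
config vpn ipsec phase1-interface
    edit "l2tpIPsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set comments "VPN: l2tpIPsec (Created by VPN wizard)"
        set dhgrp 2
        set wizard-type dialup-windows
        set psksecret ENC <redacted>
    next
    edit "ipsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set dhgrp 14 5 2
        set wizard-type dialup-ios
        set psksecret ENC <redacted>
    next
end
"""

# The same config after the "unique proposals" approach from the thread: the
# iOS tunnel no longer offers aes256-md5 or DH group 2, so nothing it accepts
# is also accepted by the Windows L2TP tunnel.
SAMPLE_SEPARATED = SAMPLE_SHOW_OUTPUT.replace(
    "set proposal aes256-sha256 aes256-md5 aes256-sha1",
    "set proposal aes256-sha256 aes256-sha1",
).replace("set dhgrp 14 5 2", "set dhgrp 14 5")

Tunnel = Dict[str, List[str]]


def parse_phase1(text: str) -> Dict[str, Tunnel]:
    """FortiOS `show` output -> {tunnel_name: {setting: [values]}}.

    shlex keeps quoted values ("wan1", multi-word comments) intact.
    """
    tunnels: Dict[str, Tunnel] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) == 2:
            current = tokens[1]
            tunnels[current] = {}
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) >= 3:
            tunnels[current][tokens[1]] = tokens[2:]
    return tunnels


def _shared(a: Tunnel, b: Tunnel, key: str) -> List[str]:
    """Values of `key` both tunnels offer. `show` omits settings left at
    their default, so a missing value is reported as "<default>" rather
    than treated as disjoint (conservative: the pair stays flagged)."""
    if key not in a or key not in b:
        return ["<default>"]
    return sorted(set(a[key]) & set(b[key]))


def find_ambiguous_dialups(
    tunnels: Dict[str, Tunnel],
) -> List[Tuple[str, str, List[str], List[str]]]:
    """(name_a, name_b, shared_proposals, shared_dhgrps) for every pair of
    dial-up tunnels not separable by interface, IKE version, peer ID,
    proposal or DH group."""
    dialups = [(n, t) for n, t in tunnels.items() if t.get("type") == ["dynamic"]]
    findings = []
    for i, (name_a, a) in enumerate(dialups):
        for name_b, b in dialups[i + 1:]:
            if a.get("interface") != b.get("interface"):
                continue
            if a.get("ike-version", ["1"]) != b.get("ike-version", ["1"]):
                continue
            # A tunnel pinned to a specific peer ID is selected by that ID.
            if a.get("peertype", ["any"]) != ["any"] or b.get("peertype", ["any"]) != ["any"]:
                continue
            proposals = _shared(a, b, "proposal")
            dhgrps = _shared(a, b, "dhgrp")
            if proposals and dhgrps:
                findings.append((name_a, name_b, proposals, dhgrps))
    return findings


if __name__ == "__main__":
    for label, text in (("as posted", SAMPLE_SHOW_OUTPUT), ("separated", SAMPLE_SEPARATED)):
        hits = find_ambiguous_dialups(parse_phase1(text))
        print(f"{label}: {hits or 'no ambiguous dial-up pairs'}")
```

Run against the posted config it reports that `l2tpIPsec` and `ipsec` both accept `aes256-md5` with DH group 2, which is exactly the overlap that lets the Windows client's first IKE message land on the iOS tunnel; the separated variant reports nothing. The check only tells you which settings collide; whether a given client can present a distinct peer ID, or which proposals it will offer, still has to be confirmed on the client side.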