dudi
New Member
December 7, 2018
Question

User can't connect ipsec vpn with dhcp address


Dear experts,

 

I'm new to Fortinet. I have a problem with my IPsec VPN connection, which is already configured with a DHCP address given to the client (using FortiClient). No client can connect to my IPsec VPN.

I configured it with these steps:

1. create custom vpn with settings below:

    - network: dialup user with wan port interface and activate nat traversal

    - authentication with my pre shared key

    - ike v1 with aggressive option

    - user group that connects to this vpn

    - phase1 and phase2 I leave it default

2. Modify the tunnel interface with ip (in this case: 192.168.202.1/24), dhcp activated, and type ipsec

3. create new ipv4 policy, incoming tunn-int outgoing LAN-int, nat active, allow all source and all dst

 

In FortiClient, I chose DHCP over IPsec, but no one can connect. I checked all my settings and they seem OK.

Would you give me any advice on what is wrong with my settings?

For the short config I followed this tutorial: https://engineeronnetwork.wordpress.com/2018/09/18/fortigate-dial-up-vpn-with-dhcp/

 

Thank you

 

Dudi

 

    dudi (Author)
    New Member
    December 10, 2018

    Dear Experts;

     

    We are still waiting for a solution to this case. Many thanks for your help.

    Thank you

    emnoc
    New Member
    December 10, 2018

    Qs:

     

    Did you enable the ipsec-enable under the vpn phase2-setting?

     

     

       set dhcp-ipsec enable 

     

    Did you provide any diagnostic captures, and is the DHCP server seeing any requests?

     

    Did you monitor any DHCP activity at the dhcp-server for the relay-agent? And is the scope correct?

     

    Ken Felix

    dudi (Author)
    New Member
    December 10, 2018

    Hi Ken,

     

    Thanks for your reply. I followed your advice to activate dhcp enable on the phase2 vpn (in this case, my vpn is "VPN2").

    It's described below:

    ---

    Fortigate $ config vpn ipsec phase2-interface
    Fortigate (phase2-interface) $ show
    config vpn ipsec phase2-interface
        edit "Ipsec-vpn"
            set phase1name "Ipsec-vpn"
            set comments "VPN: Ipsec-vpn (Created by VPN wizard)"
        next
        edit "VPN2"
            set phase1name "VPN2"
            set dhcp-ipsec enable
        next
    end

    ---

    But the problem is still ongoing. The client still can't connect to the vpn.

    The vpn and dhcp logs are:

    vpn log:

     

     

    dhcp log:

     

     

    It seems like no user can connect. Would you please give me any idea of what to do?

    Thank you